**shell32.dll** library provides functions which handle interaction between Internet Explorer and the Windows shell.
The version of the
**shell32.dll** library installed with Internet Explorer 7 does not properly validate malformed URIs containing a percent character (
**%**). This allows command execution when a user follows a specially crafted link in other applications, such as Firefox.
Follow the recommendations in Microsoft Security Advisory 943521 and install a fix when available.
Exploit works on Microsoft Internet Explorer 7.0.5730.13 through Firefox 18.104.22.168.
The SAINTexploit host must be able to bind to port 69/UDP.
Exploit requires the PERL threads module to be installed on the SAINTexploit host.