Описание
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.2308
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
EPSS
Процентиль: 96%
0.2308
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other