Описание
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
Комментарий
Per: http://www.microsoft.com/technet/security/Bulletin/MS10-071.mspx
'An attacker who successfully exploited this vulnerability could potentially capture data previously entered into forms in the browser. The AutoComplete feature is disabled by default.'
Ссылки
Уязвимые конфигурации
Одновременно
Одно из
Одновременно
Одно из
EPSS
2.6 Low
CVSS2
Дефекты
Связанные уязвимости
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
EPSS
2.6 Low
CVSS2