CVE-2007-3406
Last modified
CVE-2007-3406 is a vulnerability of currently unknown severity. Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.. EPSS estimates a 10.89% chance of exploitation in the next 30 days.
Description
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6 |
References
- http://www.xdisclose.com/XD100099.txtExploit, Vendor Advisory
- http://www.xdisclose.com/XD100099.txtExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3406?
How severe is CVE-2007-3406?
How do I fix CVE-2007-3406?
Are you affected by CVE-2007-3406?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST