Vulnerabilities > CVE-2007-3406 - Unspecified vulnerability in Microsoft Internet Explorer 6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Application | 1 |
Exploit-Db
description | Microsoft Internet Explorer 6.0 Local File Access Weakness. CVE-2007-3406. Remote exploit for windows platform |
id | EDB-ID:29619 |
last seen | 2016-02-03 |
modified | 2007-02-20 |
published | 2007-02-20 |
reporter | Rajesh Sethumadhavan |
source | https://www.exploit-db.com/download/29619/ |
title | Microsoft Internet Explorer 6.0 - Local File Access Weakness |