Vulnerabilities > CVE-2007-3406 - Unspecified vulnerability in Microsoft Internet Explorer 6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

microsoft

exploit available

NVD

Published: 2007-06-26

Updated: 2021-07-23

Summary

Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows XP *	1
Application	Microsoft Microsoft Internet Explorer 6	1

Exploit-Db

description	Microsoft Internet Explorer 6.0 Local File Access Weakness. CVE-2007-3406. Remote exploit for windows platform
id	EDB-ID:29619
last seen	2016-02-03
modified	2007-02-20
published	2007-02-20
reporter	Rajesh Sethumadhavan
source	https://www.exploit-db.com/download/29619/
title	Microsoft Internet Explorer 6.0 - Local File Access Weakness

Summary

Vulnerable Configurations

Exploit-Db

References