Vulnerabilities > CVE-2007-3406 - Unspecified vulnerability in Microsoft Internet Explorer 6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
exploit available
Summary
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 1 |
Exploit-Db
| description | Microsoft Internet Explorer 6.0 Local File Access Weakness. CVE-2007-3406. Remote exploit for windows platform |
| id | EDB-ID:29619 |
| last seen | 2016-02-03 |
| modified | 2007-02-20 |
| published | 2007-02-20 |
| reporter | Rajesh Sethumadhavan |
| source | https://www.exploit-db.com/download/29619/ |
| title | Microsoft Internet Explorer 6.0 - Local File Access Weakness |