Vulnerability Description
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
| Microsoft | Internet Explorer | 6 |
References
- http://osvdb.org/45435
- http://www.securityfocus.com/bid/22621Exploit
- http://www.xdisclose.com/XD100099.txtExploitVendor Advisory
- http://osvdb.org/45435
- http://www.securityfocus.com/bid/22621Exploit
- http://www.xdisclose.com/XD100099.txtExploitVendor Advisory
FAQ
What is CVE-2007-3406?
CVE-2007-3406 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of...
How severe is CVE-2007-3406?
CVE-2007-3406 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3406?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp, Microsoft Internet Explorer.