Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4356

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-4356
Last Modified 15 Nov 2008 01:56:41
Published 14 Aug 2007 08:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4356

Summary

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.

Vulnerable Systems

Application

  • Microsoft Ie 6

  • Microsoft Ie 7


References

SECUNIA - 26427

OSVDB - 36400

MISC - http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html


Last Updated: 27 May 2016 10:45:50