Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4848

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4848
Last Modified 15 Nov 2008 01:58:46
Published 12 Sep 2007 04:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4848

Summary

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

Vulnerable Systems

Application

  • Microsoft Ie 4.0

  • Microsoft Ie 4.0.1

  • Microsoft Ie 4.1

  • Microsoft Ie 4.5

  • Microsoft Ie 4.x

  • Microsoft Ie 5

  • Microsoft Ie 5.0

  • Microsoft Ie 5.0 Ta3

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.01

  • Microsoft Ie 5.1

  • Microsoft Ie 5.2.3

  • Microsoft Ie 5.5

  • Microsoft Ie 5.x

  • Microsoft Ie 6

  • Microsoft Ie 6.0

  • Microsoft Ie 6.0.2600

  • Microsoft Ie 6.0.2800

  • Microsoft Ie 6.0.2800.1106

  • Microsoft Ie 6.0.2900

  • Microsoft Ie 6.0.2900.2180

  • Microsoft Ie 7

  • Microsoft Ie 7.0

  • Microsoft Ie 7.0.5730.11


References

MISC - http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

OSVDB - 37638


Last Updated: 27 May 2016 10:45:58