Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6502

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-6502
Last Modified 03 Sep 2013 02:29:40
Published 22 Jan 2013 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-6502

Summary

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 7.0.5730

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

MISC - http://www.nsfocus.com/en/2012/advisories_1228/119.html


Last Updated: 27 May 2016 10:51:50