File Upload Vulnerability in Internet Explorer 6 by Microsoft
CVE-2006-2900

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Network Camera Server Vb101
Vendor: CVE Published:; 7 June 2006

What is CVE-2006-2900?

A flaw in Internet Explorer 6 enables remote attackers to exploit a file upload mechanism. By manipulating JavaScript events such as OnKeyDown, OnKeyPress, and OnKeyUp, an attacker could persuade a user to inadvertently input the filename of a targeted file into a form. When the form is submitted, the unintended file could be uploaded to the server, potentially exposing sensitive data. This vulnerability poses a significant risk when users are tricked into executing specific keystrokes without their awareness.

References

http://www.vupen.com/english/advisories/2006/2161

vdb-entryx_refsource_VUPEN

http://securityreason.com/securityalert/1059

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/18308

vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2006
Vulnerability Reserved
Jun 7, 2006