CVE-2006-2900

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Network Camera Server Vb101
Vendor: CVE Published:; 7 June 2006

Summary

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

References

http://www.vupen.com/english/advisories/2006/2161

vdb-entryx_refsource_VUPEN

http://securityreason.com/securityalert/1059

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/18308

vdb-entryx_refsource_BID

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 7, 2006
Vulnerability Reserved
Jun 7, 2006

Collectors

NVD DatabaseMitre Database