Remote file detection vulnerability in Microsoft Internet Explorer
CVE-2007-4848

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Ie
Vendor: CVE Published:; 12 September 2007

Summary

The vulnerability exists in Microsoft Internet Explorer versions 4.0 through 7, which permits remote attackers to identify the presence of local files associated with images. This is achieved through the use of a res:// URI in the src property of a JavaScript Image object. Attackers can exploit this flaw to expose local file structures as demonstrated by accessing bitmap images within executable (.exe) or dynamic link library (.dll) files.

References

http://osvdb.org/37638

vdb-entryx_refsource_OSVDB

http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-r...

x_refsource_MISC

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 12, 2007
Vulnerability Reserved
Sep 12, 2007