CVE-2007-4848

Description

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

Related CPE's

amicrosoftinternet_explorer5*******

amicrosoftie4.x*******

amicrosoftie6.0sp1******

amicrosoftinternet_explorer6sp1******

amicrosoftie5.0_ta3*******

amicrosoftinternet_explorer5.01sp4******

amicrosoftie5.x*******

amicrosoftie5.0sp4******

amicrosoftie6.0sp2******

amicrosoftinternet_explorer7*******

References

http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

Exploit

37638

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io