Lucene search

[email protected]CVE-2007-4848

HistorySep 12, 2007 - 8:17 p.m.

CVE-2007-4848

2007-09-1220:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4848

microsoft

internet explorer

remote attackers

local files

res:// uri

javascript

image object

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

Affected configurations

NVD

Node

microsoftieMatch4.x

microsoftieMatch5.0sp1

microsoftieMatch5.0sp4

microsoftieMatch5.0_ta3

microsoftieMatch5.x

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftinternet_explorerMatch4.0

microsoftinternet_explorerMatch4.0.1

microsoftinternet_explorerMatch4.1

microsoftinternet_explorerMatch4.5

microsoftinternet_explorerMatch5

microsoftinternet_explorerMatch5.0

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp2

microsoftinternet_explorerMatch5.0.1sp3

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.01

microsoftinternet_explorerMatch5.1

microsoftinternet_explorerMatch5.01sp1

microsoftinternet_explorerMatch5.01sp2

microsoftinternet_explorerMatch5.01sp3

microsoftinternet_explorerMatch5.01sp4

microsoftinternet_explorerMatch5.2.3

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5preview

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch6.0.2600

microsoftinternet_explorerMatch6.0.2800

microsoftinternet_explorerMatch6.0.2800.1106

microsoftinternet_explorerMatch6.0.2900

microsoftinternet_explorerMatch6.0.2900.2180

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch7.0

microsoftinternet_explorerMatch7.0beta

microsoftinternet_explorerMatch7.0beta1

microsoftinternet_explorerMatch7.0beta2

microsoftinternet_explorerMatch7.0beta3

microsoftinternet_explorerMatch7.0.5730.11

CPENameOperatorVersion
microsoft:iemicrosoft ieeq4.x
microsoft:iemicrosoft ieeq5.0
microsoft:iemicrosoft ieeq5.0_ta3
microsoft:iemicrosoft ieeq5.x
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq4.0
microsoft:internet_explorermicrosoft internet explorereq4.0.1
microsoft:internet_explorermicrosoft internet explorereq4.1
microsoft:internet_explorermicrosoft internet explorereq4.5
microsoft:internet_explorermicrosoft internet explorereq5

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	4.x
microsoft:ie	microsoft ie	eq	5.0
microsoft:ie	microsoft ie	eq	5.0_ta3
microsoft:ie	microsoft ie	eq	5.x
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	4.0
microsoft:internet_explorer	microsoft internet explorer	eq	4.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	4.1
microsoft:internet_explorer	microsoft internet explorer	eq	4.5
microsoft:internet_explorer	microsoft internet explorer	eq	5

Rows per page:

1-10 of 261

References

osvdb.org/37638

xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2007-4848

prion1 cvelist1 nvd1