CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
85.7%
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Content-Disposition Information Disclosure Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | internet_explorer | 6 | cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:* |
microsoft | windows_server_2003 | - | cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* |
microsoft | windows_xp | - | cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* |
microsoft | windows_xp | - | cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* |
microsoft | internet_explorer | 7 | cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* |
microsoft | windows_server_2008 | - | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* |
microsoft | windows_vista | - | cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* |
microsoft | internet_explorer | 8 | cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:* |
microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* |
microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* |