Lucene search

MitreCVE-2012-6502

HistoryJan 22, 2013 - 3:55 p.m.

CVE-2012-6502

2013-01-2215:55:02

CWE-200

mitre

web.nvd.nist.gov

cve-2012-6502

microsoft internet explorer

remote attackers

sensitive information

unc share pathname

script element

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \127.0.0.1\C$\ sequence.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch7.0.5730

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftinternet_explorer7.0.5730cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	internet_explorer	7.0.5730	cpe:2.3:a:microsoft:internet_explorer:7.0.5730:::::::*
microsoft	internet_explorer	8	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*

References

www.nsfocus.com/en/2012/advisories_1228/119.html

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2012-6502