CVE-2002-2311

2022-10-0316:23:49

mitre

www.cve.org

cve-2002-2311

remote attack

arbitrary file upload

javascript event

keydown event

disputed severity

6.8 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.

References

online.securityfocus.com/archive/1/283866

online.securityfocus.com/archive/1/284068

www.iss.net/security_center/static/9653.php

www.securityfocus.com/bid/5290