2.9 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.6%
Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 13 | |
firefox esr | lt | 10.0.5 | |
seamonkey | lt | 2.10 | |
thunderbird | lt | 13 | |
thunderbird esr | lt | 10.0.5 |