CVE-2012-6502

2013-01-2215:55:02

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \127.0.0.1\C$\ sequence.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch7.0.5730

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftinternet_explorer7.0.5730cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*
microsoftinternet_explorer8cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	internet_explorer	7.0.5730	cpe:2.3:a:microsoft:internet_explorer:7.0.5730:::::::*
microsoft	internet_explorer	8	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*