CVE-2006-3391

The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler...

CVE-2006-3391

The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler...

CVE-2006-3391

This CVE affects the iMBCContents ActiveX Control prior to 2.0.0.59. The vulnerability resides in the Execute function, which allows remote attackers to run arbitrary files via the file URI handler. Impact is remote code execution with partial confidentiality, integrity, and availability implicat...

CVE-2006-3200

Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service crash via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue...

CVE-2004-1795

Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI...

Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)

Using img src="file:///dev/tty0" on my Linux machine caused Netscape and Mozilla both to eat all the keyboard input. I had to use another machine to kill it. I expected Netscape to NOT open file URIs from within a page fetched via !file http, https, ftp, gopher, etc.. -jwb...