vendor:
Internet Explorer
by:
SecurityFocus
7,5
CVSS
HIGH
File Loading Vulnerability
434
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 6
Affected Version To: Internet Explorer 6
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Microsoft Internet Explorer File Loading Vulnerability
Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory (or possibly other directories in a user's profile). It is possible to exploit this issue via a malicious web page or HTML document. Exploitation would either require that an attacker already knows of a file in the user's temporary directory or that the attacker can place an arbitrary file in this directory.
Mitigation:
Ensure that the user's temporary directory is not accessible to attackers.