Information disclosure vulnerability in Microsoft Internet Explorer via a UNC share pathname in the SRC attribute of a SCRIPT elementDeprecated |
ID: oval:org.secpod.oval:def:8960 | Date: (C)2013-01-25 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle UNC share pathname in the SRC attribute of a SCRIPT element. Successful exploitation allows attackers to obtain sensitive information about the existence of files, and read certain data from files.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows XP |
Product: |
Internet Explorer 6 |
Internet Explorer 7 |
Internet Explorer 8 |
Internet Explorer 9 |