CVE-2002-2311

CWE-2643 documents3 sources

Severity

6.4MEDIUM

EPSS

23.5%

top 4.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Opera Software Opera WEB Browser

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer4 versions+3

▶NVDopera_software/opera_web_browser6.0.1

🔴Vulnerability Details

GHSA

GHSA-5f3j-w3f6-9g93: Microsoft Internet Explorer 6↗2022-04-30

▶

CVEList

CVE-2002-2311: Microsoft Internet Explorer 6↗2007-10-26

▶