CVE-2006-2900 — Sensitive Information Exposure in Microsoft IE

CWE-200 — Sensitive Information Exposure6 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
17.4%
top 4.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft IE
Timeline
PublishedJun 7
Latest updateMay 1

Description

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

â–¶NVDmicrosoft/ie5.01, 6+1

🔴Vulnerability Details

2
GHSA
GHSA-q95h-8xhw-ccxp: Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename↗2022-05-01
â–¶
CVEList
CVE-2006-2900: Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename↗2006-06-07
â–¶

💥Exploits & PoCs

3
Exploit-DB
Microsoft Internet Explorer 7 - CSS Width Element Denial of Service↗2006-12-06
â–¶
Exploit-DB
WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow↗2006-11-15
â–¶
Exploit-DB
Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service↗2006-05-10
â–¶
CVE-2006-2900 — Sensitive Information Exposure | cvebase