CVE-2007-4356 — Microsoft Internet Explorer vulnerability

2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

28.6%

top 3.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedAug 15

Latest updateMay 1

Description

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7+1

🔴Vulnerability Details

GHSA

GHSA-ggw2-hv98-c7p2: Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent atta↗2022-05-01

▶