CVE-2007-4848Microsoft IE vulnerability

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
23.1%
top 4.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedSep 12
Latest updateMay 1

Description

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer21 versions+20
NVDmicrosoft/ie5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-7249-8rm8-q744: Microsoft Internet Explorer 42022-05-01
CVEList
CVE-2007-4848: Microsoft Internet Explorer 42007-09-12