Executive Summary
Informations | |||
---|---|---|---|
Name | MS00-093 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Browser Print Template and File Upload via Form Vulnerabilities |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7822 | Microsoft IE HTML Form Input Element Arbitrary File Access |
7821 | Microsoft IE Print Templates Feature Arbitrary ActiveX Execution |
7820 | Microsoft IE Scriptlet Invoking ActiveX Arbitrary File Access Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The ActiveX control used for invoking scriptlets can be used to render arbitrary file types instead of strictly HTML files, which could allow a malicious web site operator to create a script that would access arbitrary files on the victim's system resulting in a loss of confidentiality. |
7817 | Microsoft IE Frame Domain Validation Arbitrary File Access Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The problem is due to improper enforcement of frames separation in the same window residing in different domains, which could allow a malicious Web site operator to open a frame in his own domain and a frame that refers to the visiting victim's file system. It is possible to view arbitrary files on a visiting victim's computer if the remote attacker knows or can guess the name and location of the file and if the file can be displayed in a Web browser window resulting in a loss of confidentiality. |