CVE-2006-2900

Internet Explorer 6 - Info Disclosure

Title source: llm
STIX 2.1

Description

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

References (5)

Core 5
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2161
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1059
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18308
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20449
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html

Scores

EPSS 0.1261
EPSS Percentile 95.8%

Details

CWE
CWE-200
Status published
Products (3)
canon/network_camera_server_vb101
microsoft/ie 5.01 windows_2000_sp4
microsoft/ie 6 (9 CPE variants)
Published Jun 07, 2006
Tracked Since Feb 18, 2026