CVE-2007-3406

EIP tracks 1 public exploit for CVE-2007-3406. PoCs published by Rajesh Sethumadhavan.

AI-analyzed exploit summary This exploit demonstrates multiple local file access vulnerabilities in Microsoft Internet Explorer 6 via various HTML tags. It allows attackers to verify the presence of local files or potentially access them, depending on the system configuration.

Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.