CVE-2012-6502

Internet Explorer - Information Disclosure via UNC Path in SCRIPT SRC Attribute

Title source: llm
STIX 2.1

Description

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

References (1)

Core 1
Core References

Scores

EPSS 0.1009
EPSS Percentile 95.1%

Details

CWE
CWE-200
Status published
Products (5)
microsoft/internet_explorer 6 (2 CPE variants)
microsoft/internet_explorer 7
microsoft/internet_explorer 7.0.5730
microsoft/internet_explorer 8
microsoft/internet_explorer 9
Published Jan 22, 2013
Tracked Since Feb 18, 2026