Thursday, September 13, 2007 2:31 PM
cmosby
National Vulnerability Database (CVE-2007-4848) - Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files
Vulnerability Summary CVE-2007-4848
Original release date: 9/12/2007
Source: US-CERT/NIST
This vulnerability is currently undergoing analysis and not all information is available.
Please check back soon to view the completed vulnerability summary.
Overview
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References to Advisories, Solutions, and Tools
External Source: (disclaimer)
Hyperlink: http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/
Technical Details
CVE Standard Vulnerability Entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4848
Source: National Vulnerability Database (CVE-2007-4848)
Filed under: Browser Wars, Internet Explorer, Security