CVE-2006-2900

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*

Information

Published : 2006-06-07 09:02

Updated : 2011-10-10 21:00


NVD link : CVE-2006-2900

Mitre link : CVE-2006-2900


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

canon

  • network_camera_server_vb101

microsoft

  • ie