CVE-2006-5715

Name of the Vulnerable Software and Affected Versions: Easy File Sharing (EFS) Easy Address Book version 1.2

Description: The issue allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. This occurs when the software is run on an NTFS file system.

Recommendations: For Easy File Sharing (EFS) Easy Address Book version 1.2, consider restricting access to sensitive files under the web root until a patch is available. As a temporary workaround, avoid using the NTFS file system or disable the ability to access alternate data streams.