CVE-2007-3406

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 6 on Windows XP SP2

Description The issue allows remote attackers to access arbitrary local files via the file: URI in various attributes of HTML tags, including the src attribute of bgsound, input, EMBED, img, or script tags, the data attribute of an object tag, the value attribute of a param tag, the background attribute of a body tag, or the background:url attribute declared in the BODY parameter of a STYLE tag.

Recommendations For Microsoft Internet Explorer 6 on Windows XP SP2, consider disabling the ability to access local files via the file: URI in the affected attributes as a temporary workaround until a patch is available. Restrict access to sensitive local files to minimize the risk of exploitation. Avoid using the file: URI in the src, data, value, background, or background:url attributes in HTML tags until the issue is resolved.