CVE-2007-4848

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 4.0 through 7

Description: The issue allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object. This can be demonstrated by using the URI for a bitmap image resource within a .exe or .dll file.

Recommendations: For Microsoft Internet Explorer versions 4.0 through 7, consider disabling the use of res:// URIs in the src property of JavaScript Image objects as a temporary workaround until a patch is available. Restrict access to local files to minimize the risk of exploitation.