PT-2007-5985 · Microsoft · Internet Explorer

Published: 2007-09-12 · Updated: 2021-07-23 · CVE-2007-4848

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 4.0 through 7
Description: The issue allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object. This can be demonstrated by using the URI for a bitmap image resource within a .exe or .dll file.
Recommendations: For Microsoft Internet Explorer versions 4.0 through 7, consider disabling the use of res:// URIs in the src property of JavaScript Image objects as a temporary workaround until a patch is available. Restrict access to local files to minimize the risk of exploitation.

Related Identifiers

CVE-2007-4848

Affected Products

Internet Explorer