CVE-2012-6502

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions prior to 10

Description The issue allows remote attackers to obtain sensitive information about the existence of files and read certain data from files via a UNC share pathname in the SRC attribute of a SCRIPT element. This can be demonstrated by reading a name-value pair from a local file via a 127.0.0.1C$ sequence.

Recommendations For versions prior to 10, update to version 10 or later to resolve the issue. As a temporary workaround, consider restricting access to the SRC attribute of the SCRIPT element to minimize the risk of exploitation. Avoid using the UNC share pathname in the SRC attribute until the issue is resolved.