- Description
- Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:metaproducts:offline_explorer:1.0x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABEA1DB4-AD42-495E-A71C-4D42BEC43448"
},
{
"criteria": "cpe:2.3:a:metaproducts:offline_explorer:1.1x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD186EA8-2156-4D84-8EA5-8D7669EE1B00"
},
{
"criteria": "cpe:2.3:a:metaproducts:offline_explorer:1.2x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE72FB55-7DA6-470C-A3CF-450061102D43"
},
{
"criteria": "cpe:2.3:a:metaproducts:offline_explorer:1.3x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45D7682F-8F76-4805-B0FF-9EE26317382C"
}
],
"operator": "OR"
}
]
}
]