CVE-2012-6502
Published Jan 22, 2013
Last updated 11 years ago
Overview
- Description
- Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per: http://www.nsfocus.com/en/2012/advisories_1228/119.html 'Internet Explorer version 6 through 9 are affected..'
- Impact
- CVSS score based on update to http://www.nsfocus.com/en/2012/advisories_1228/119.html: "An attacker would not be able to discover information or files on a system that they do not already know the name and file path. They have to guess the path and name. "
- Solution
- CVSS score based on update to http://www.nsfocus.com/en/2012/advisories_1228/119.html: "An attacker would not be able to discover information or files on a system that they do not already know the name and file path. They have to guess the path and name. "
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3B85C32-02F5-43F5-8BBB-5A240F99BAA9"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360"
}
],
"operator": "OR"
}
]
}
]