Vulnerability Details : CVE-2006-2900
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2006-2900
Probability of exploitation activity in the next 30 days: 95.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-2900
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
4.9
|
4.9
|
nvd@nist.gov |
CWE ids for CVE-2006-2900
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-2900
Products affected by CVE-2006-2900
- cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*
- cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*