← Back

CVE-2006-2900

nvd nist
Published: Jun 7, 2006Modified: Apr 16, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:H/Au:N/C:P/I:P/A:N
Exploitability: 4.9 / Impact: 4.9
Source: NVD

Description

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Affected (11)

Canon
1 product
Network Camera Server Vb101
Microsoft
1 product
Ie
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Network Camera Server Vb101
All versions
Microsoft
Ie
Version 5.01 windows_2000_sp4
Ie
Version 6
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 windows_2000_sp4
Ie
Version 6 windows_server_2003_sp1
Ie
Version 6 windows_server_2003_sp1_itanium
Ie
Version 6 windows_xp_sp2

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.