CVE-2007-4848

Published: Sep 12, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

Affected (44)

Products: Microsoft: Ie, Internet Explorer

Microsoft

2 products

Internet Explorer

Configuration A

44 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 4.x
Microsoft Ie	Version 5.0 sp1
Microsoft Ie	Version 5.0 sp4
Microsoft Ie	Version 5.0_ta3
Microsoft Ie	Version 5.x
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Internet Explorer	Version 4.0.1
Microsoft Internet Explorer	Version 4.0
Microsoft Internet Explorer	Version 4.1
Microsoft Internet Explorer	Version 4.5
Microsoft Internet Explorer	Version 5.0.1
Microsoft Internet Explorer	Version 5.0.1 sp1
Microsoft Internet Explorer	Version 5.0.1 sp2
Microsoft Internet Explorer	Version 5.0.1 sp3
Microsoft Internet Explorer	Version 5.0.1 sp4
Microsoft Internet Explorer	Version 5.01
Microsoft Internet Explorer	Version 5.01 sp1
Microsoft Internet Explorer	Version 5.01 sp2
Microsoft Internet Explorer	Version 5.01 sp3
Microsoft Internet Explorer	Version 5.01 sp4
Microsoft Internet Explorer	Version 5.0
Microsoft Internet Explorer	Version 5.1
Microsoft Internet Explorer	Version 5.2.3
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 5.5 preview
Microsoft Internet Explorer	Version 5.5 sp1
Microsoft Internet Explorer	Version 5.5 sp2
Microsoft Internet Explorer	Version 5
Microsoft Internet Explorer	Version 6.0.2600
Microsoft Internet Explorer	Version 6.0.2800.1106
Microsoft Internet Explorer	Version 6.0.2800
Microsoft Internet Explorer	Version 6.0.2900.2180
Microsoft Internet Explorer	Version 6.0.2900
Microsoft Internet Explorer	Version 6.0
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6 sp1
Microsoft Internet Explorer	Version 7.0.5730.11
Microsoft Internet Explorer	Version 7.0
Microsoft Internet Explorer	Version 7.0 beta1
Microsoft Internet Explorer	Version 7.0 beta2
Microsoft Internet Explorer	Version 7.0 beta3
Microsoft Internet Explorer	Version 7.0 beta
Microsoft Internet Explorer	Version 7

References (4)

http://osvdb.org/37638

Source: cve@mitre.org

http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

Source: cve@mitre.org

Exploit

http://osvdb.org/37638

Source: af854a3a-2127-422b-91ae-364da2661108

http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.