CVE-2010-0555

Published: Feb 4, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

Affected (23)

Products: Microsoft: Internet Explorer, Windows Xp, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 2000

6 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	Version gold
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions