CVE-2012-6502

Published: Jan 22, 2013Modified: Apr 29, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

Affected (6)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6 sp1
Microsoft Internet Explorer	Version 7.0.5730
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 8
Microsoft Internet Explorer	Version 9

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.nsfocus.com/en/2012/advisories_1228/119.html

Source: cve@mitre.org

http://www.nsfocus.com/en/2012/advisories_1228/119.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.