1. CVE-Search
  2. CVE-2007-4848
ID CVE-2007-4848
Summary Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.x:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 23-07-2021 - 15:06)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
misc http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/
osvdb 37638
Last major update 23-07-2021 - 15:06
Published 12-09-2007 - 20:17
Last modified 23-07-2021 - 15:06
Back to Top