Back to search
CVE-2006-2900
Published: Jun 7, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-2161
vdb-entry
x_refsource_VUPEN
1059
third-party-advisory
x_refsource_SREASON
18308
vdb-entry
x_refsource_BID
20449
third-party-advisory
x_refsource_SECUNIA
20060605 file upload widgets in IE and Firefox have issues
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now