CVE-2006-2900

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Published: Jun 7, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2900
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:P/I:P/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / ie	6-windows_2000_sp4	6-windows_2000_sp4.x
canon / network_camera_server_vb101	-	-
microsoft / ie	6	6.x
microsoft / ie	6-sp1	6-sp1.x
microsoft / ie	6-windows_server_2003_sp1	6-windows_server_2003_sp1.x
microsoft / ie	6-windows_server_2003_sp1_itanium	6-windows_server_2003_sp1_itanium.x
microsoft / ie	5.01-windows_2000_sp4	5.01-windows_2000_sp4.x
microsoft / ie	6-windows_xp_sp2	6-windows_xp_sp2.x

Vulnerability Database

289,784

CVE-2006-2900