Vulnerability Name:

CVE-2007-4848 (CCN-34989)

Assigned:2007-06-05
Published:2007-06-05
Updated:2021-07-23
Summary:Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2007-3075

Source: MITRE
Type: CNA
CVE-2007-4848

Source: CCN
Type: ha.ckers.org Blog, May 16th, 2007 at 3:15 pm
Read Firefox Settings (PoC)

Source: OSVDB
Type: UNKNOWN
37638

Source: CCN
Type: Microsoft Internet Explorer Web site
Internet Explorer: Home Page

Source: CCN
Type: OSVDB ID: 37638
Microsoft IE res:// URI Image Object Local File Enumeration

Source: CCN
Type: OSVDB ID: 45436
Microsoft IE URI Unspecified Scheme Traversal Arbitrary File Access

Source: CCN
Type: BID-33413
Microsoft Internet Explorer Unspecified Directory Traversal Vulnerability

Source: CCN
Type: Billy (BK) Rios' Blog, Friday, July 20th, 2007
More URI Stuff… (IE’s Resouce URI)

Source: MISC
Type: Exploit
http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri/

Source: XF
Type: UNKNOWN
ie-resource-information-disclosure(34989)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.x:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:4.x:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer 5.0
    microsoft internet explorer 5.0.1
    microsoft ie 5.0_ta3
    microsoft internet explorer 5.01
    microsoft internet explorer 5.5
    microsoft internet explorer 5.5 preview
    microsoft internet explorer 5.5 sp1
    microsoft internet explorer 6.0.2800.1106
    microsoft internet explorer 6.0.2900
    microsoft internet explorer 7.0.5730.11
    microsoft internet explorer 7.0 beta
    microsoft ie 6.0 sp1
    microsoft internet explorer 6 sp1
    microsoft internet explorer 5.01 sp4
    microsoft ie 5.x
    microsoft ie 6.0 sp2
    microsoft internet explorer 6
    microsoft internet explorer 5.01 sp3
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 4.0
    microsoft internet explorer 4.0.1
    microsoft internet explorer 4.1
    microsoft internet explorer 4.5
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.0.1 sp3
    microsoft internet explorer 5.0.1 sp4
    microsoft internet explorer 5.0.1 sp1
    microsoft internet explorer 5.01 sp1
    microsoft internet explorer 5.01 sp2
    microsoft internet explorer 6.0
    microsoft internet explorer 6.0.2900.2180
    microsoft internet explorer 7.0 beta1
    microsoft internet explorer 7.0 beta3
    microsoft internet explorer 5
    microsoft ie 4.x
    microsoft ie 5.0 sp4
    microsoft internet explorer 7
    microsoft ie 5.0 sp1
    microsoft internet explorer 5.1
    microsoft internet explorer 5.2.3
    microsoft internet explorer 6.0.2600
    microsoft internet explorer 6.0.2800
    microsoft internet explorer 7.0
    microsoft internet explorer 7.0 beta2
    microsoft ie *