CVE-2012-6502

EUVD-2012-6352
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
microsoftinternet_explorer
7.0.5730
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.nsfocus.com/en/2012/advisories_1228/119.html
http://www.nsfocus.com/en/2012/advisories_1228/119.html