HTTP: Microsoft Internet Explorer Information Disclosure

This signature detects attempts to exploit a known vulnerability in Microsoft IE. A successful attack can lead to unauthorized information disclosure.

Extended Description

Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.

Affected Products

Microsoft internet_explorer

References

CVE: CVE-2012-6502

Short Name
HTTP:STC:IE:CVE-2012-6502-INFO
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2012-6502 Disclosure Explorer Information Internet Microsoft
Release Date
03/20/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Rarely
Vendors

Microsoft

CVSS Score

2.6

Found a potential security threat?