CVE-ID

CVE-2001-0807

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20011030 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20020226-01)
Votes (Legacy)
ACCEPT(3) Baker, Cole, Prosser
MODIFY(1) Frech
NOOP(3) Armstrong, Bishop, Foat
REVIEWING(2) Christey, Wall
Comments (Legacy)
 Frech> XF:ie-local-file-disclosure(6688)
 Prosser> Legacy product, users should have updated.
   Courtesy of Microsoft Security Response Center <secure@microsoft.com>:
   
   IE 5 is no longer supported - so unless this repro's on 5.01 or 5.5, we wouldn't consider doing anything for this.
 Christey> ADDREF BID:2836
   URL:http://www.securityfocus.com/bid/2836
 CHANGE> [Christey changed vote from NOOP to REVIEWING]

Proposed (Legacy)
20011122
This is an entry on the CVE list, which standardizes names for security problems.