Vulnerability Note VU#400577
Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function
A vulnerability in Microsoft Internet Explorer (IE) allows remote attackers to read arbitrary files on a vulnerable system.
A vulnerability in the showHelp Method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the following documents:Microsoft Security Bulletin MS03-004:
A remote attacker may be able to read arbitrary files on a vulnerable system, which may allow them to gain access to sensitive information such as user credentials. In the worst case, a remote attacker may be able to execute programs with certain parameters leading to a total system compromise if IE is running as administrator.
Apply a patch. More information about patches can be found in MS03-004.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||06 Feb 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Andreas Sandblad. The CERT/CC thanks Andreas for helping us to understand this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2003-1328
- Date Public: 05 Feb 2003
- Date First Published: 06 Feb 2003
- Date Last Updated: 13 Feb 2003
- Severity Metric: 28.69
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.