Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
2010-02-04T20:15:49.967
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | internet_explorer | 6 | Yes |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Application | microsoft | internet_explorer | 7 | Yes |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2003 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | gold | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Application | microsoft | internet_explorer | 5.01 | Yes |
| Application | microsoft | internet_explorer | 6 | Yes |
| Operating System | microsoft | windows_2000 | * | No |
| Application | microsoft | internet_explorer | 8 | Yes |
| Operating System | microsoft | windows_2003_server | * | No |
| Operating System | microsoft | windows_2003_server | * | No |
| Operating System | microsoft | windows_2003_server | * | No |
| Operating System | microsoft | windows_7 | - | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | * | No |
| Operating System | microsoft | windows_server_2008 | - | No |
| Operating System | microsoft | windows_server_2008 | r2 | No |
| Operating System | microsoft | windows_server_2008 | r2 | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | * | No |
| Operating System | microsoft | windows_vista | - | No |
| Operating System | microsoft | windows_vista | - | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | microsoft | windows_xp | - | No |