Vulnerability Details CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.227
EPSS Ranking 95.5%
CVSS Severity
CVSS v2 Score 6.4
References
- http://online.securityfocus.com/archive/1/283866
- http://online.securityfocus.com/archive/1/284068
- http://www.iss.net/security_center/static/9653.php
- http://www.securityfocus.com/bid/5290
- http://online.securityfocus.com/archive/1/283866
- http://online.securityfocus.com/archive/1/284068
- http://www.iss.net/security_center/static/9653.php
- http://www.securityfocus.com/bid/5290
Products affected by CVE-2002-2311
-
cpe:2.3:a:microsoft:internet_explorer:5.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0
-
cpe:2.3:a:opera_software:opera_web_browser:6.0.1