CVE-2007-5158
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/10/2007
Last modified:
09/04/2025
Description
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/41382
- http://secunia.com/advisories/27007
- http://www.0x000000.com/index.php?i=437
- http://www.securityfocus.com/bid/25836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36848
- http://osvdb.org/41382
- http://secunia.com/advisories/27007
- http://www.0x000000.com/index.php?i=437
- http://www.securityfocus.com/bid/25836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36848