Unrated severityNVD Advisory· Published Jun 7, 2006· Updated Apr 16, 2026

CVE-2006-2900

Description

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Affected products

Microsoft/Ie10 versions
cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
Canon/Network Camera Server Vb101
cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20449nvdVendor Advisory
www.vupen.com/english/advisories/2006/2161nvdVendor Advisory
lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.htmlnvd
securityreason.com/securityalert/1059nvd
www.securityfocus.com/bid/18308nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000