Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
References
Link | Resource |
---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html | Exploit Vendor Advisory |
http://secunia.com/advisories/10820 | Vendor Advisory |
http://www.securityfocus.com/bid/9611 | Exploit Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15078 |
Configurations
Configuration 1 (hide)
|
History
23 Jul 2021, 12:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:* |
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* |
Information
Published : 2004-02-07 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2004-2090
Mitre link : CVE-2004-2090
CVE.ORG link : CVE-2004-2090
JSON object : View
Products Affected
microsoft
- ie
- internet_explorer
CWE