Arbitrary File Existence Disclosure in Microsoft Internet Explorer 5.0.1 through 6.0

Arbitrary File Existence Disclosure in Microsoft Internet Explorer 5.0.1 through 6.0

CVE-2004-2090 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

Learn more about our Web Application Penetration Testing UK.