Vulnerability Description
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 5.0.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.htmlExploitVendor Advisory
- http://secunia.com/advisories/10820Vendor Advisory
- http://www.securityfocus.com/bid/9611ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15078
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.htmlExploitVendor Advisory
- http://secunia.com/advisories/10820Vendor Advisory
- http://www.securityfocus.com/bid/9611ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15078
FAQ
What is CVE-2004-2090?
CVE-2004-2090 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does no...
How severe is CVE-2004-2090?
CVE-2004-2090 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2090?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.