CVE-2002-2031

Internet Explorer <5.6 - Info Disclosure

Title source: llm

Description

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Liu Die · textremotewindows

https://www.exploit-db.com/exploits/21199

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Tom Micklovitch · htmlremotewindows

https://www.exploit-db.com/exploits/21198

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/3779

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html

[Third Party Advisory] http://www.iss.net/security_center/static/7784.php

Scores

EPSS 0.2899

EPSS Percentile 96.6%

Details

Status published

Products (4)

microsoft/internet_explorer 5.0

microsoft/internet_explorer 5.0.1 (3 CPE variants)

microsoft/internet_explorer 5.5 (2 CPE variants)

microsoft/internet_explorer 6.0

Published Dec 31, 2002

Tracked Since Feb 18, 2026