Description
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jelmer · textremotewindows
https://www.exploit-db.com/exploits/23668
References (4)
Core 4
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9611
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15078
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10820
Scores
EPSS
0.3941
EPSS Percentile
97.3%
Details
Status
published
Products (4)
microsoft/ie
6.0 sp1
microsoft/internet_explorer
5.0.1 (5 CPE variants)
microsoft/internet_explorer
5.5 (3 CPE variants)
microsoft/internet_explorer
6.0
Published
Feb 07, 2004
Tracked Since
Feb 18, 2026