CVE-2004-2090

Microsoft Internet Explorer <6.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2090. PoCs published by Jelmer.

AI-analyzed exploit summary This exploit leverages the VBScript LoadPicture method in Microsoft Internet Explorer to enumerate files on the client system by checking for specific error codes. It demonstrates an information leak vulnerability.

Description

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jelmer · textremotewindows
https://www.exploit-db.com/exploits/23668

This exploit leverages the VBScript LoadPicture method in Microsoft Internet Explorer to enumerate files on the client system by checking for specific error codes. It demonstrates an information leak vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (versions affected by CVE-2004-2090)
No auth needed
Prerequisites: Victim must be using a vulnerable version of Internet Explorer · Victim must execute the malicious script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9611
Exploit, Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15078
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10820

Scores

EPSS 0.1602
EPSS Percentile 96.5%

Details

Status published
Products (4)
microsoft/ie 6.0 sp1
microsoft/internet_explorer 5.0.1 (5 CPE variants)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Feb 07, 2004
Tracked Since Feb 18, 2026