| Vulnerability Name: | CVE-2004-2090 (CCN-15078) | ||||||||
| Assigned: | 2004-02-07 | ||||||||
| Published: | 2004-02-07 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-2090 Source: FULLDISC Type: Exploit, Vendor Advisory 20040207 (no subject) Source: CCN Type: SA10820 Internet Explorer File Identification Variant Source: SECUNIA Type: Vendor Advisory 10820 Source: CCN Type: OSVDB ID: 3879 Microsoft IE File Identification Variant Source: BID Type: Exploit, Vendor Advisory 9611 Source: CCN Type: BID-9611 Microsoft Internet Explorer LoadPicture File Enumeration Weakness Source: XF Type: UNKNOWN ie-error-obtain-information(15078) Source: XF Type: UNKNOWN ie-error-obtain-information(15078) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||