CVE-2002-2031
published 2002-12-31CVE-2002-2031: Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag…
PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
20.51%
97.2th percentile
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (2)
exploitdb·2002-01-03
CVE-2002-2031 Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (2)
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (2)
---
source: https://www.securityfocus.com/bid/3779/info
Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster.
When script code includes a file outside of the document it is embedded in and the file does not exist, the onError event handler will run script if it is enabled. This script can determine whether the file to be included exists or not. This can be used to verify the existence of files on client hosts by creating webpages that include files from the local host using 'file://'.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21199.zip
Exploit-DB
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (1)
exploitdb·2002-01-03
CVE-2002-2031 Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (1)
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (1)
---
source: https://www.securityfocus.com/bid/3779/info
Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster.
When script code includes a file outside of the document it is embedded in and the file does not exist, the onError event handler will run script if it is enabled. This script can determine whether the file to be included exists or not. This can be used to verify the existence of files on client hosts by creating webpages that include files from the local host using 'file://'.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.htmlhttp://www.iss.net/security_center/static/7784.phphttp://www.securityfocus.com/bid/3779http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.htmlhttp://www.iss.net/security_center/static/7784.phphttp://www.securityfocus.com/bid/3779
2002-12-31
Published