Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2031Observable Internal Behavioral Discrepancy in Microsoft Internet Explorer

CWE-206Observable Internal Behavioral Discrepancy5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
29.0%
top 3.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedDec 31
Latest updateApr 30

Description

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-wjrw-5gw4-gjwc: Internet Explorer 52022-04-30

💥Exploits & PoCs

2
Exploit-DB
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (2)2002-01-03
Exploit-DB
Microsoft Internet Explorer 5 - JavaScript Local File Enumeration (1)2002-01-03

📐Framework References

1
CWE
Observable Internal Behavioral Discrepancy
CVE-2002-2031 — Microsoft vulnerability | cvebase