Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2090Microsoft IE vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
39.4%
top 2.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedFeb 7
Latest updateApr 29

Description

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-874q-x67w-8ccx: Microsoft Internet Explorer 52022-04-29
CVEList
CVE-2004-2090: Microsoft Internet Explorer 52005-05-19

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - LoadPicture File Enumeration2004-02-07
CVE-2004-2090 — Microsoft IE vulnerability | cvebase