Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Microsoft Internet Explorer LoadPicture File Enumeration Weakness

Feb 12, 2004 4:30AM PST

Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system.

This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.

http://www.securityfocus.com/bid/9611/discussion/

Discussion is locked