• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer LoadPicture File Enumeration Weakness

Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system.

This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.