Microsoft Internet Explorer Embedded Executable File Execution Vulnerability

vendor:

Internet Explorer

by:

SecurityFocus

7.5

CVSS

HIGH

Embedded Executable File Execution

CWE

Product Name: Internet Explorer

Affected Version From: Microsoft Internet Explorer 5.0

Affected Version To: Microsoft Internet Explorer 6.0

Patch Exists: NO

Related CWE: N/A

CPE: a:microsoft:internet_explorer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2002

Microsoft Internet Explorer Embedded Executable File Execution Vulnerability

Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explorer will open and parse the file. When the script that points back to the embedded executable is parsed, the embedded executable will run on the client system in the security context of Internet Explorer.

Mitigation:

Users should avoid opening HTML documents from untrusted sources.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6961/info

Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explorer will open and parse the file. When the script that points back to the embedded executable is parsed, the embedded executable will run on the client system in the security context of Internet Explorer.

There have been reports that some users may not be able to reproduce this vulnerability. When more information becomes available, this record will be updated.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22288-1.zip

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22338.zip