Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0028Microsoft Internet Explorer vulnerability

4 documents4 sources
Severity
2.6LOWNVD
EPSS
19.2%
top 4.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 23
Latest updateApr 30

Description

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer10 versions+9
NVDmicrosoft/ie4.0

🔴Vulnerability Details

2
GHSA
GHSA-c4m8-6h2p-36m8: Internet Explorer 52022-04-30
CVEList
CVE-2000-0028: Internet Explorer 52000-02-04

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame1999-12-22
CVE-2000-0028 — Microsoft vulnerability | cvebase