Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0061Path Equivalence: 'filename.' (Trailing Dot) in Microsoft Internet Explorer

CWE-42Path Equivalence: 'filename.' (Trailing Dot)4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
16.2%
top 5.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJan 7
Latest updateApr 30

Description

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-2w55-jm9h-8pcw: Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, whic2022-04-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 4.0/4.0.1/5.0/5.0.1/5.5 - preview Security Zone Settings Lag2000-01-07

📐Framework References

1
CWE
Path Equivalence: 'filename.' (Trailing Dot)
CVE-2000-0061 — Microsoft vulnerability | cvebase