Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0400Improper Input Validation in Microsoft Internet Explorer

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
16.3%
top 5.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMay 13
Latest updateApr 30

Description

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-wq95-mwj7-34mh: The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to do2022-04-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Active Movie Control 1.0 - Filetype2000-05-13
CVE-2000-0400 — Improper Input Validation in Microsoft | cvebase