Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1061Microsoft IE vulnerability

5 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
15.1%
top 5.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedDec 11
Latest updateApr 30

Description

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/ie4.x, 5.x+1

🔴Vulnerability Details

2
GHSA
GHSA-7x8m-frjm-r4m8: Microsoft Virtual Machine (VM) in Internet Explorer 42022-04-30
CVEList
CVE-2000-1061: Microsoft Virtual Machine (VM) in Internet Explorer 42001-01-22

💥Exploits & PoCs

2
Exploit-DB
Microsoft Virtual Machine 2000/3100/3200/3300 Series - 'com.ms.activeX.ActiveXComponent' Arbitrary Program Execution2000-10-05
Exploit-DB
Halloween Linux 4.0 / SuSE Linux 6.0/6.1/6.2/6.3 - 'kreatecd' Local Privilege Escalation2000-03-16
CVE-2000-1061 — Microsoft IE vulnerability | cvebase