Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0149 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

40.7%

top 2.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedJun 2

Latest updateApr 30

Description

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.5

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-p9ph-4v96-x6rg: Windows Scripting Host in Internet Explorer 5↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Script Host 5.1/5.5 - 'GetObject()' File Disclosure↗2000-09-26

▶