Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0643 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

17.3%

top 4.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedSep 20

Latest updateApr 30

Description

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.5

Patches

Patch: vil.nai.com ↗Patch: www.securityfocus.com ↗Patch: vil.nai.com ↗

🔴Vulnerability Details

GHSA

GHSA-c2hj-4gfw-x63q: Internet Explorer 5↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5.5 - CLSID File Execution↗2001-04-17

▶