Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1325 — Microsoft Internet Explorer vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

12.4%

top 6.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Microsoft Outlook Express

Timeline

PublishedApr 20

Latest updateApr 30

Description

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/outlook_express5.0, 5.5+1

▶NVDmicrosoft/internet_explorer5.0, 5.5+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-54x3-chv9-w529: Internet Explorer 5↗2022-04-30

▶

CVEList

CVE-2001-1325: Internet Explorer 5↗2002-05-03

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting↗2001-04-20

▶