Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1410Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
61.6%
top 1.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 18
Latest updateApr 30

Description

Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-gv9x-7ph3-2p7v: Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window2022-04-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5/6 - JavaScript Interface Spoofing2001-10-21
CVE-2001-1410 — Microsoft vulnerability | cvebase