CVE-2001-1410
published 2003-08-18


Priority: P4 (26)
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: EPSS 50.55% (98.8th percentile)
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.

Affected (2 ranges)

Vendor      Product             Version range   Fixed in
microsoft   internet_explorer   (not listed)    (not listed)
microsoft   internet_explorer   (not listed)    (not listed)

Detection & IOCs (extracted from sources)

  • Detect use of window.createPopup() JavaScript method in web content, which is the core primitive exploited to create chromeless/borderless popup windows for UI spoofing
  • Look for JavaScript using window.createPopup() combined with document.body.innerHTML assignment and window.screenLeft/screenTop positioning — characteristic pattern of the spoofing PoC
  • Detect popup windows positioned using window.screenLeft and window.screenTop offsets to overlay browser chrome — used to simulate the address bar or OS UI elements
  • Watch for injected HTML content inside a createPopup window that renders a fake HTTPS URL string (e.g. 'https://') styled to mimic the browser address bar using Tahoma font at 8pt — classic address bar spoofing payload
  • Exploit targets Internet Explorer 5 and 6 only; window.createPopup() is not present in modern browsers, limiting scope to legacy IE environments
  • The attack is purely social-engineering based, with no code execution: the threat model is UI/address-bar spoofing to deceive users into trusting a malicious page as legitimate
  • The popup re-registers itself on unload (onunload= vuln_pop), making it persistent across navigation attempts within the same browser session; detection should account for repeated popup creation
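The bullets above describe a co-occurrence pattern rather than a single string, so a useful check scores the signals together instead of alerting on every createPopup() call (legacy IE intranet apps used it for tooltips). The scanner below is an added, hypothetical example written for this page; it is not cvebase's, Microsoft's, or any vendor's code. The weights, the verdict thresholds and the three sample scripts (including the bank.example domain) are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Hypothetical detector for the CVE-2001-1410 spoofing pattern (not from the page).
# Each signal is a regex over raw script/HTML text plus a weight, mirroring the
# Detection & IOCs bullets: createPopup() is the mandatory primitive; the rest
# are the positioning and content tricks that turn a popup into a fake address bar.
SIGNALS = {
    "createPopup":    (re.compile(r"\bcreatePopup\s*\("), 3),
    "screen_offset":  (re.compile(r"\bscreen(?:Left|Top)\b"), 2),
    "body_innerHTML": (re.compile(r"document\s*\.\s*body\s*\.\s*innerHTML\s*="), 2),
    "fake_https":     (re.compile(r"['\"]https://"), 1),
    "tahoma_8pt":     (re.compile(r"tahoma.{0,80}?\b8\s*pt\b|\b8\s*pt\b.{0,80}?tahoma",
                                  re.I | re.S), 1),
    "onunload_rearm": (re.compile(r"\bonunload\s*="), 1),
}


@dataclass
class Finding:
    matched: list = field(default_factory=list)
    score: int = 0
    verdict: str = "none"   # "none" | "review" | "high"


def scan_script(text: str) -> Finding:
    """Score one script blob. Without createPopup() there is nothing to report."""
    f = Finding()
    for name, (rx, weight) in SIGNALS.items():
        if rx.search(text):
            f.matched.append(name)
            f.score += weight
    if "createPopup" not in f.matched:
        return Finding()
    # "high" needs the chrome-overlay positioning plus spoofed content;
    # a bare createPopup() is only worth a manual look (threshold is constructed).
    chrome_overlay = "screen_offset" in f.matched
    spoof_content = "body_innerHTML" in f.matched or "fake_https" in f.matched
    f.verdict = "high" if chrome_overlay and spoof_content else "review"
    return f


def scan_page(html: str) -> list:
    """Pull every <script> body out of an HTML document and scan each separately."""
    blobs = re.findall(r"<script[^>]*>(.*?)</script>", html, re.I | re.S)
    return [f for f in (scan_script(b) for b in blobs) if f.verdict != "none"]


# Constructed samples (not real captured content).
SPOOF_SAMPLE = r"""
var pop = window.createPopup();
pop.document.body.innerHTML = '<span style="font:8pt Tahoma">' + 'https://bank.example/' + '</span>';
pop.show(window.screenLeft + 12, window.screenTop + 42, 400, 20);
window.onunload = vuln_pop;
"""

TOOLTIP_SAMPLE = r"""
// legacy IE tooltip helper: popup, but no chrome overlay
var tip = window.createPopup();
tip.document.body.innerHTML = 'Click a column header to sort';
tip.show(20, 20, 160, 24, document.body);
"""

PLAIN_SAMPLE = "document.getElementById('out').textContent = 'https://example.org/';"

if __name__ == "__main__":
    for label, sample in (("spoof", SPOOF_SAMPLE), ("tooltip", TOOLTIP_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, scan_script(sample))
    page = "<html><script>" + SPOOF_SAMPLE + "</script><script>" + PLAIN_SAMPLE + "</script></html>"
    print("page findings:", scan_page(page))
```

Run over a proxy log or a web-content archive, the "review" tier keeps legacy tooltip code out of the alert queue while the "high" tier needs both the screenLeft/screenTop overlay and injected content, which is the combination the bullets single out. Inline event handlers such as onunload= in HTML attributes live outside <script> bodies, so a production version would also feed attribute values to scan_script.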