Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0980 — Use of Invariant Value in Dynamically Changing Context in Microsoft Internet Explorer

CWE-344 — Use of Invariant Value in Dynamically Changing Context5 documents5 sources

Severity

7.5HIGHNVD

EPSS

40.4%

top 2.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedSep 24

Latest updateApr 30

Description

The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.5, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-6rjq-cr77-fpj5: The Web Folder component for Internet Explorer 5↗2022-04-30

▶

CVEList

CVE-2002-0980: The Web Folder component for Internet Explorer 5↗2002-08-23

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering↗2002-08-15

▶

📐Framework References

CWE

Use of Invariant Value in Dynamically Changing Context↗

▶