Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0447Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
32.5%
top 3.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 24
Latest updateApr 29

Description

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 5.5, 6.0+2

🔴Vulnerability Details

1
GHSA
GHSA-rm83-v85h-374x: The Custom HTTP Errors capability in Internet Explorer 52022-04-29

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection2003-06-17
CVE-2003-0447 — Microsoft vulnerability | cvebase