Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1328Microsoft IE vulnerability

6 documents4 sources
Severity
7.5HIGHNVD
EPSS
43.6%
top 2.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedFeb 19
Latest updateApr 29

Description

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-p598-2cg3-8qjf: The showHelp() function in Microsoft Internet Explorer 52022-04-29
CVEList
CVE-2003-1328: The showHelp() function in Microsoft Internet Explorer 52004-09-01

💥Exploits & PoCs

3
Exploit-DB
FloosieTek FTGate PRO 1.22 - SMTP MAIL FROM Buffer Overflow2003-05-06
Exploit-DB
FloosieTek FTGate PRO 1.22 - SMTP RCPT TO Buffer Overflow2003-05-06
Exploit-DB
Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution2003-02-05
CVE-2003-1328 — Microsoft IE vulnerability | cvebase