Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2291 — Microsoft IE vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

16.4%

top 5.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedDec 31

Latest updateApr 29

Description

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.5, 6.0+1

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-vmrh-3f5r-7p82: Microsoft Windows Internet Explorer 5↗2022-04-29

▶

CVEList

CVE-2004-2291: Microsoft Windows Internet Explorer 5↗2005-08-04

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - Remote Application.Shell↗2004-07-09

▶