CVE-2000-0105

Outlook Express 5.01-Internet Explorer 5.01 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0105.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Outlook Express 5 where HTML-parsed email messages can execute Active Scripting to read newly arrived messages. The provided JavaScript code opens a window that, when clicked, displays the content of the active message via the 'innerText' property.

Description

Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/19738

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Outlook Express 5 where HTML-parsed email messages can execute Active Scripting to read newly arrived messages. The provided JavaScript code opens a window that, when clicked, displays the content of the active message via the 'innerText' property.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Outlook Express 5

No auth needed

Prerequisites: Victim must open the malicious email in Outlook Express 5

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/962

Scores

EPSS 0.2065

EPSS Percentile 97.2%

Details

Status published

Products (1)

microsoft/outlook_express 5.0

Published Feb 01, 2000

Tracked Since Feb 18, 2026