CVE-2000-0400

Internet Explorer 5 - Unauthenticated Arbitrary File Download via Active Movie ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0400. PoCs published by http-equiv.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Microsoft Active Movie Control to download arbitrary files to the target's Temp directory. It demonstrates how an attacker could deliver malicious executables via an HTML document or email.

Description

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

Exploits (1)

exploitdb WORKING POC VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/19928

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Microsoft Active Movie Control to download arbitrary files to the target's Temp directory. It demonstrates how an attacker could deliver malicious executables via an HTML document or email.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Active Movie Control (ActiveX)

No auth needed

Prerequisites: Target must visit a malicious webpage or open a malicious HTML email · ActiveX controls must be enabled in the target's browser

MITRE ATT&CK

T1189 - Drive-by Compromise T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=95868514521257&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1221

Scores

EPSS 0.0740

EPSS Percentile 93.6%

Details

CWE

CWE-20

Status published

Products (1)

microsoft/internet_explorer 5

Published May 13, 2000

Tracked Since Feb 18, 2026