Description
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by http-equiv · textremotewindows
https://www.exploit-db.com/exploits/19928
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=95868514521257&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1221
Scores
EPSS
0.1635
EPSS Percentile
94.9%
Details
CWE
CWE-20
Status
published
Products (1)
microsoft/internet_explorer
5
Published
May 13, 2000
Tracked Since
Feb 18, 2026