CVE-2001-0038

Offline Explorer <1.4 SR2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0038. PoCs published by Dodger.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in MetaProducts Offline Explorer. The vulnerability allows unauthenticated remote users to retrieve directory listings via a simple HTTP GET request to port 800 with a drive letter.

Description

Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dodger · textremotewindows
https://www.exploit-db.com/exploits/20488

This is a writeup describing an information disclosure vulnerability in MetaProducts Offline Explorer. The vulnerability allows unauthenticated remote users to retrieve directory listings via a simple HTTP GET request to port 800 with a drive letter.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MetaProducts Offline Explorer (version not specified)
No auth needed
Prerequisites: Network access to the target system · Offline Explorer listening on port 800
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2084
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5728
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-12/0078.html

Scores

EPSS 0.0333
EPSS Percentile 87.1%

Details

Status published
Products (4)
metaproducts/offline_explorer 1.0x
metaproducts/offline_explorer 1.1x
metaproducts/offline_explorer 1.2x
metaproducts/offline_explorer 1.3x
Published Feb 16, 2001
Tracked Since Feb 18, 2026