CVE-2001-0149

Windows Scripting Host - Info Disclosure

Title source: llm

Description

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20243

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=ntbugtraq&m=96999020527583&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1718

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5293

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015

Scores

EPSS 0.4066

EPSS Percentile 97.4%

Details

Status published

Products (1)

microsoft/internet_explorer < 5.5

Published Jun 02, 2001

Tracked Since Feb 18, 2026