CVE-2001-0150

Internet Explorer <5.5 - Command Injection

Title source: llm

Description

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Oliver Friedrichs · htmlremotewindows

https://www.exploit-db.com/exploits/20680

View Code ZIP pw:eip

References (4)

[Broken Link] http://www.osvdb.org/7816

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6230

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/2463

Scores

EPSS 0.1438

EPSS Percentile 94.4%

Details

CWE

CWE-88

Status published

Products (1)

microsoft/internet_explorer < 5.5

Published Jun 02, 2001

Tracked Since Feb 18, 2026