CVE-2001-0150

Internet Explorer <5.5 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0150. PoCs published by Oliver Friedrichs.

AI-analyzed exploit summary This exploit leverages a client-side vulnerability in Services for Unix 2.0's telnet client logging feature. By crafting a malicious URL, an attacker can write arbitrary commands to a file in the startup directory, achieving remote command execution upon future user authentication.

Description

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Oliver Friedrichs · htmlremotewindows

https://www.exploit-db.com/exploits/20680

View Code ZIP pw:eip

This exploit leverages a client-side vulnerability in Services for Unix 2.0's telnet client logging feature. By crafting a malicious URL, an attacker can write arbitrary commands to a file in the startup directory, achieving remote command execution upon future user authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Services for Unix 2.0

No auth needed

Prerequisites: Victim must use Internet Explorer · Telnet client must be installed · Victim must have sufficient permissions to write to the startup directory

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →