CVE-2001-0322

Internet Explorer - Denial of Service via Object Creation and Deletion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0322. PoCs published by Thor Larholm.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in MSHTML.DLL by manipulating JScript window objects, causing a crash due to a stack overflow. It is not exploitable for remote code execution but can crash Internet Explorer.

Description

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thor Larholm · htmldoswindows

https://www.exploit-db.com/exploits/20552

View Code ZIP pw:eip

This exploit demonstrates a denial of service (DoS) vulnerability in MSHTML.DLL by manipulating JScript window objects, causing a crash due to a stack overflow. It is not exploitable for remote code execution but can crash Internet Explorer.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (MSHTML.DLL)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2202

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97958685100219&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5938

Scores

EPSS 0.2095

EPSS Percentile 97.2%

Details

Status published

Products (3)

microsoft/internet_explorer 4.0

microsoft/outlook 2000

microsoft/outlook_express 5.5

Published Jun 02, 2001

Tracked Since Feb 18, 2026