CVE-2001-0643

Internet Explorer 5.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0643. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit describes a flaw in Windows CLSID handling where appending a CLSID to a filename can alter the default action, potentially executing malicious files disguised as harmless ones (e.g., .jpg). The writeup references a GitLab link for a binary exploit but does not include executable code.

Description

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Georgi Guninski · textremotewindows

https://www.exploit-db.com/exploits/20774

View Code ZIP pw:eip

This exploit describes a flaw in Windows CLSID handling where appending a CLSID to a filename can alter the default action, potentially executing malicious files disguised as harmless ones (e.g., .jpg). The writeup references a GitLab link for a binary exploit but does not include executable code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows (versions affected by CVE-2001-0643)

No auth needed

Prerequisites: User interaction to open the malicious file

MITRE ATT&CK