CVE-2001-0722

Internet Explorer <6.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0722. PoCs published by Jouko Pynnonen.

AI-analyzed exploit summary This exploit leverages a cross-site scripting (XSS) vulnerability in the 'about:' protocol handler of Internet Explorer to access cookies from arbitrary websites via JavaScript embedded in a crafted URL.

Description

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jouko Pynnonen · textremotewindows

https://www.exploit-db.com/exploits/21144

View Code ZIP pw:eip

This exploit leverages a cross-site scripting (XSS) vulnerability in the 'about:' protocol handler of Internet Explorer to access cookies from arbitrary websites via JavaScript embedded in a crafted URL.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer (versions affected by CVE-2001-0722)

No auth needed

Prerequisites: Victim must visit a malicious URL constructed with the 'about:' protocol

MITRE ATT&CK