Exploitation Summary
EIP tracks 2 public exploits for CVE-2001-0875. PoCs published by cyber_flash, StatiC.
AI-analyzed exploit summary This exploit bypasses Windows XP SP2 security warnings by using the `execCommand('SaveAs')` function in Internet Explorer 6.0 to save a malicious executable disguised as an HTML file without triggering download warnings. It leverages a custom 404 error page to deliver the payload.
Description
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
Exploits (2)
This exploit bypasses Windows XP SP2 security warnings by using the `execCommand('SaveAs')` function in Internet Explorer 6.0 to save a malicious executable disguised as an HTML file without triggering download warnings. It leverages a custom 404 error page to deliver the payload.
This exploit demonstrates a file extension spoofing vulnerability in Internet Explorer, allowing a malicious webmaster to disguise executable files as harmless file types. The PoC includes PHP and ASP scripts to serve a file with a spoofed extension, potentially tricking users into executing malicious files.