CVE-2001-0875

Internet Explorer <6.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0875. PoCs published by cyber_flash, StatiC.

AI-analyzed exploit summary This exploit bypasses Windows XP SP2 security warnings by using the `execCommand('SaveAs')` function in Internet Explorer 6.0 to save a malicious executable disguised as an HTML file without triggering download warnings. It leverages a custom 404 error page to deliver the payload.

Description

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.

Exploits (2)

exploitdb WORKING POC VERIFIED
by cyber_flash · textremotewindows
https://www.exploit-db.com/exploits/641

This exploit bypasses Windows XP SP2 security warnings by using the `execCommand('SaveAs')` function in Internet Explorer 6.0 to save a malicious executable disguised as an HTML file without triggering download warnings. It leverages a custom 404 error page to deliver the payload.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Internet Explorer 6.0 on Windows XP SP2
No auth needed
Prerequisites: Victim must be using Internet Explorer 6.0 on Windows XP SP2 · Victim must click a link to trigger the exploit
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by StatiC · textremotewindows
https://www.exploit-db.com/exploits/21164

This exploit demonstrates a file extension spoofing vulnerability in Internet Explorer, allowing a malicious webmaster to disguise executable files as harmless file types. The PoC includes PHP and ASP scripts to serve a file with a spoofed extension, potentially tricking users into executing malicious files.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Internet Explorer (versions affected by CVE-2001-0875)
No auth needed
Prerequisites: A web server (Apache/PHP or IIS/ASP) · A file to serve (e.g., calc.exe) · User interaction to download the file
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/245594
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7636
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1014
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3597

Scores

EPSS 0.2806
EPSS Percentile 97.9%

Details

Status published
Products (2)
microsoft/internet_explorer 5.5
microsoft/internet_explorer 6.0
Published Nov 26, 2001
Tracked Since Feb 18, 2026