Description
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Georgi Guninski · remotewindows
https://www.exploit-db.com/exploits/20782
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6448
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2633
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/3AE02004.57FDF958%40guninski.com
Scores
EPSS
0.1236
EPSS Percentile
93.9%
Details
Status
published
Products (4)
microsoft/internet_explorer
5.0
microsoft/internet_explorer
5.5
microsoft/outlook_express
5.0
microsoft/outlook_express
5.5
Published
Apr 20, 2001
Tracked Since
Feb 18, 2026