CVE-2002-0189

Internet Explorer 6.0 - Cross-Site Scripting via Local HTML Resource

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0189. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This exploit leverages a domain validation bypass in Microsoft Internet Explorer's dialog functions (showModalDialog/showModelessDialog) by redirecting to a trusted resource (res://shdoclc.dll/analyze.dlg) while injecting arbitrary HTML into the Local Computer Zone. It uses a fake window object to bypass security checks and execute script in a privileged context.

Description

Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21750

View Code ZIP pw:eip

This exploit leverages a domain validation bypass in Microsoft Internet Explorer's dialog functions (showModalDialog/showModelessDialog) by redirecting to a trusted resource (res://shdoclc.dll/analyze.dlg) while injecting arbitrary HTML into the Local Computer Zone. It uses a fake window object to bypass security checks and execute script in a privileged context.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer (pre-MS02-047 patch)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Internet Explorer with vulnerable version

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023

Scores

EPSS 0.1397

EPSS Percentile 96.1%

Details

Status published

Products (3)

microsoft/internet_explorer 5.0

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published May 29, 2002

Tracked Since Feb 18, 2026