CVE-2002-0191

Microsoft Internet Explorer 5.01, 5.5, 6.0 - Unauthenticated Arbitrary File Read via cssText Property

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0191. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Internet Explorer's CSS interpreter to read arbitrary files on a user's system by abusing the cssText property of the styleSheet object. The PoC demonstrates file content extraction via a malicious webpage, with a specific example targeting 'c:/test.txt'.

Description

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21361

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Internet Explorer's CSS interpreter to read arbitrary files on a user's system by abusing the cssText property of the styleSheet object. The PoC demonstrates file content extraction via a malicious webpage, with a specific example targeting 'c:/test.txt'.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2002-0191)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target file must exist and contain a '{' character

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4411

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=101778302030981&w=2

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8740.php

Scores

EPSS 0.2969

EPSS Percentile 98.0%

Details

Status published

Products (3)

microsoft/internet_explorer 5.01 (3 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published May 29, 2002

Tracked Since Feb 18, 2026