CVE-2002-1688

Microsoft Internet Explorer <6.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1688. PoCs published by Andreas Sandblad.

AI-analyzed exploit summary This exploit leverages a vulnerability in Internet Explorer 5.5 and 6.0 where JavaScript URLs stored in the browser history can execute in the context of a previously visited page. The PoC demonstrates arbitrary file execution, file reading, and cookie theft via crafted JavaScript URLs triggered by the back button.

Description

The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andreas Sandblad · htmlremotewindows
https://www.exploit-db.com/exploits/21376

This exploit leverages a vulnerability in Internet Explorer 5.5 and 6.0 where JavaScript URLs stored in the browser history can execute in the context of a previously visited page. The PoC demonstrates arbitrary file execution, file reading, and cookie theft via crafted JavaScript URLs triggered by the back button.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 5.5, 6.0
No auth needed
Prerequisites: User interaction (clicking a link and pressing the back button) · Target using a vulnerable version of Internet Explorer
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4505
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8844
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/267561

Scores

EPSS 0.1746
EPSS Percentile 96.7%

Details

Status published
Products (2)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Dec 31, 2002
Tracked Since Feb 18, 2026