CVE-2003-0446

Internet Explorer 5.5 and 6.0 - Cross-Site Scripting via XML Parse Error

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0446. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer when parsing XML files with the MSXML parser. The vulnerability allows execution of script code if malicious HTML is included in the URL of an unparsable XML file.

Description

Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/22783

View Code ZIP pw:eip

This is a writeup describing a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer when parsing XML files with the MSXML parser. The vulnerability allows execution of script code if malicious HTML is included in the URL of an unparsable XML file.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2003-0446)

No auth needed

Prerequisites: A web server hosting an unparsable XML file · Victim using a vulnerable version of Internet Explorer

MITRE ATT&CK