CVE-2003-0809

Internet Explorer <6.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0809. PoCs published by http-equiv.

AI-analyzed exploit summary This exploit leverages a vulnerability in Internet Explorer's handling of object types in XML-based web pages. By embedding a malicious object tag, an attacker can execute arbitrary code on the victim's system. The exploit is delivered via a crafted XML file with an embedded object referencing a malicious payload.

Description

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/23122

View Code ZIP pw:eip

This exploit leverages a vulnerability in Internet Explorer's handling of object types in XML-based web pages. By embedding a malicious object tag, an attacker can execute arbitrary code on the victim's system. The exploit is delivered via a crafted XML file with an embedded object referencing a malicious payload.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2003-0809)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a crafted XML file in Internet Explorer

MITRE ATT&CK