CVE-2003-1041

EXPLOITED

Microsoft IE - Path Traversal

Title source: rule
STIX 2.1

Exploitation Summary

CVE-2003-1041 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Arman Nayyeri.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in the showHelp() function to bypass Microsoft's patch for MS03-004, allowing arbitrary local CHM file execution. It demonstrates how an attacker could reference a malicious CHM file via traversal sequences.

Description

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Arman Nayyeri · textdoswindows
https://www.exploit-db.com/exploits/23504

This exploit leverages a directory traversal vulnerability in the showHelp() function to bypass Microsoft's patch for MS03-004, allowing arbitrary local CHM file execution. It demonstrates how an attacker could reference a malicious CHM file via traversal sequences.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows (via Internet Explorer, Outlook, or Outlook Express)
No auth needed
Prerequisites: Victim interaction required (e.g., visiting a malicious webpage or opening a crafted email)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9320
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/187196
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/348521

Scores

EPSS 0.6543
EPSS Percentile 98.5%

Details

VulnCheck KEV 2004-07-13
Status published
Products (5)
microsoft/ie 6 windows_server_2003_sp1
microsoft/ie 6.0 sp1
microsoft/internet_explorer 5
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Jun 14, 2004
Tracked Since Feb 18, 2026