CVE-2010-1175

Microsoft Internet Explorer 7.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1175. PoCs published by krafty.

AI-analyzed exploit summary This exploit leverages a heap corruption vulnerability in Internet Explorer (CVE-2008-4844) via malformed XML data. It uses a heap spray technique to achieve reliable code execution, demonstrated by launching the calculator (calc.exe).

Description

Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by krafty · htmlremotewindows

https://www.exploit-db.com/exploits/7477

View Code ZIP pw:eip

This exploit leverages a heap corruption vulnerability in Internet Explorer (CVE-2008-4844) via malformed XML data. It uses a heap spray technique to achieve reliable code execution, demonstrated by launching the calculator (calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 7 on Windows XP SP2/SP3 and Vista

No auth needed

Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/510280/100/0/threaded

Scores

EPSS 0.1404

EPSS Percentile 96.1%

Details

Status published

Products (1)

microsoft/internet_explorer 7.0

Published Mar 29, 2010

Tracked Since Feb 18, 2026