EIP-2026-117501

PRE-CVE

Microsoft Internet Explorer 11 32-bit - Use-After-Free

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117501. PoCs published by Forrest Orr.

AI-analyzed exploit summary This is a functional exploit for CVE-2020-0674, targeting a use-after-free vulnerability in the legacy JScript engine (jscript.dll) of Internet Explorer 8-11. It bypasses DEP, ASLR, and EMET 5.5 protections by leveraging a stack pivot and syscall-based ROP chain to execute shellcode.

Description

Microsoft Internet Explorer 11 32-bit - Use-After-Free

Exploits (1)

exploitdb WORKING POC

by Forrest Orr · htmllocalwindows

https://www.exploit-db.com/exploits/49541

View Code ZIP pw:eip

This is a functional exploit for CVE-2020-0674, targeting a use-after-free vulnerability in the legacy JScript engine (jscript.dll) of Internet Explorer 8-11. It bypasses DEP, ASLR, and EMET 5.5 protections by leveraging a stack pivot and syscall-based ROP chain to execute shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Internet Explorer 8-11 (32-bit)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 8-11 · Legacy JScript engine must be active

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026