EIP-2026-118808

PRE-CVE

Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118808. PoCs published by Georgi Guninksi.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Internet Explorer 5.0's XML processing to read local files (e.g., AUTOEXEC.BAT) via an XML HTTP redirect. The PoC uses an XML object to fetch local file content and displays it in a new window, demonstrating an information leak vulnerability.

Description

Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninksi · textremotewindows

https://www.exploit-db.com/exploits/19637

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Internet Explorer 5.0's XML processing to read local files (e.g., AUTOEXEC.BAT) via an XML HTTP redirect. The PoC uses an XML object to fetch local file content and displays it in a new window, demonstrating an information leak vulnerability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0 (Windows 2000/95/98/NT 4, Unix)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target system must have IE5 installed

MITRE ATT&CK

T1119 - Automated Collection T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026