EIP-2026-118809

PRE-CVE

Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118809. PoCs published by Matthew Murphy.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Internet Explorer's FTP indexing in 'Classic Mode' to execute arbitrary script code in the security context of another FTP site. The PoC uses an FTP URL with embedded HTML/JS to trigger an XSS via the 'onerror' event.

Description

Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matthew Murphy · textremotewindows

https://www.exploit-db.com/exploits/22728

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Internet Explorer's FTP indexing in 'Classic Mode' to execute arbitrary script code in the security context of another FTP site. The PoC uses an FTP URL with embedded HTML/JS to trigger an XSS via the 'onerror' event.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (FTP Classic Mode)

No auth needed

Prerequisites: Internet Explorer with FTP Classic Mode enabled · User interaction to navigate to malicious FTP URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026