EIP-2026-118813

PRE-CVE

Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118813. PoCs published by Cheng Peng Su.

AI-analyzed exploit summary This exploit leverages a weakness in Microsoft Internet Explorer's handling of shell: URIs to access local files and extract sensitive information such as user profiles, cookies, and system details. The PoC demonstrates an information leakage vulnerability by reading local files via crafted shell: URIs.

Description

Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cheng Peng Su · htmlremotewindows

https://www.exploit-db.com/exploits/23679

View Code ZIP pw:eip

This exploit leverages a weakness in Microsoft Internet Explorer's handling of shell: URIs to access local files and extract sensitive information such as user profiles, cookies, and system details. The PoC demonstrates an information leakage vulnerability by reading local files via crafted shell: URIs.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by shell: URI handling vulnerability)

No auth needed

Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1119 - Automated Collection T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026