EIP-2026-118818

PRE-CVE

Microsoft Internet Explorer 5.5 - File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118818. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages the MSScriptControl.ScriptControl ActiveX object in Internet Explorer to read arbitrary local files via the GetObject function. It demonstrates an information leakage vulnerability by retrieving the contents of a known file (C:\TEST.TXT) and displaying it in an alert box.

Description

Microsoft Internet Explorer 5.5 - File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20903

View Code ZIP pw:eip

This exploit leverages the MSScriptControl.ScriptControl ActiveX object in Internet Explorer to read arbitrary local files via the GetObject function. It demonstrates an information leakage vulnerability by retrieving the contents of a known file (C:\TEST.TXT) and displaying it in an alert box.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer (versions affected by CVE-2001-0339)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Target file must exist at a known path

MITRE ATT&CK

T1119 - Automated Collection T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026