EIP-2026-118847

PRE-CVE

Microsoft Internet Explorer 7 - Combined JavaScript and XML Remote Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118847. PoCs published by Ronald van den Heetkamp.

AI-analyzed exploit summary This exploit leverages a flaw in Microsoft Internet Explorer's interaction between JavaScript and XML processing to disclose the first line of arbitrary files. It uses an XML external entity (XXE) to read local files when a user visits a malicious webpage.

Description

Microsoft Internet Explorer 7 - Combined JavaScript and XML Remote Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ronald van den Heetkamp · htmlremotewindows

https://www.exploit-db.com/exploits/31359

View Code ZIP pw:eip

This exploit leverages a flaw in Microsoft Internet Explorer's interaction between JavaScript and XML processing to disclose the first line of arbitrary files. It uses an XML external entity (XXE) to read local files when a user visits a malicious webpage.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer (version not specified)

No auth needed

Prerequisites: User must visit a malicious webpage · Vulnerable version of Internet Explorer

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026