EIP-2026-118865

PRE-CVE

Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118865. PoCs published by http-equiv.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Outlook Express where embedded XSL script code in an XML file can execute arbitrary code in the Local System security zone. The PoC demonstrates how script code can determine the Temporary Internet File directory location, leading to potential code execution.

Description

Microsoft Outlook Express 6 - '.XML' File Attachment Script Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/21662

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Outlook Express where embedded XSL script code in an XML file can execute arbitrary code in the Local System security zone. The PoC demonstrates how script code can determine the Temporary Internet File directory location, leading to potential code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Outlook Express 6

No auth needed

Prerequisites: Victim must open the malicious XML file attachment in Outlook Express

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026