Remote Code Execution via XML Stylesheets in Internet Explorer and Outlook Express

Remote Code Execution via XML Stylesheets in Internet Explorer and Outlook Express

CVE-2001-1325 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).

Learn more about our Web Application Penetration Testing UK.