MS06-044 - Internet Explorer 5.x
Microsoft released MS06-044 to address a local zone privilege escalation vulnerability I reported in Internet Explorer 5 on Windows 2000. According to Microsoft, over five million people are still using the Windows Update service with Internet Explorer 5. This vulnerability exploits a XSS flaw in the RT_HTML resource of a DLL included with Windows 2000. The demonstration below will use this XSS flaw to execute calc.exe on vulnerable systems.