This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the "devenum.dll" COM object when instantiated in Internet Explorer via a specially crafted HTML tag. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
CVE Link
Exploit Platform
Exploit Type
Product Name