This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Windows Media Player IE Zone Access Control Bypass Vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them an specially designed e-mail to exploit this vulnerability if the client uses Outlook Express in the Internet Zone to read their mails. This exploit relies on a flaw in Windows Media Player that allows for untrusted content to access the Local Zone.
CVE Link
Exploit Platform
Exploit Type
Product Name