This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the NIS 2004 (ISLALERT.DLL) Activex vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability if the client uses Outlook Express to read their mails. In order to successfully exploit this vulnerability, the outlook express option "Internet zone (Less secure, but more functional)" in "Options->SECURITY" must be enabled. By default this option comes disabled, if the victim receives the exploit's mail with this option disabled, he will see the following warning: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly.".
CVE Link
Exploit Platform
Exploit Type
Product Name