CVE-1999-0488
published 1999-04-21CVE-1999-0488: Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the…
PriorityP425high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
11.57%
95.5th percentile
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 4.0/4.0.1/5.0 Frame privileges management (MS99-012 / XFDB-2216)
vuldb·2026-04-19·CVSS 7.5
CVE-1999-0488 [HIGH] Microsoft Internet Explorer 4.0/4.0.1/5.0 Frame privileges management (MS99-012 / XFDB-2216)
A vulnerability classified as critical was found in Microsoft Internet Explorer 4.0/4.0.1/5.0. This affects an unknown function of the component Frame Handler. The manipulation results in improper privilege management.
This vulnerability is identified as CVE-1999-0488. The attack can be executed remotely. There is not any exploit available.
Applying a patch is advised to resolve this issue.
GHSA
GHSA-rmhf-3gpx-f5r8: Internet Explorer 4
ghsa_unreviewed·2022-04-30
CVE-1999-0488 [HIGH] GHSA-rmhf-3gpx-f5r8: Internet Explorer 4
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1999-04-21
Published