CVE-1999-0489
published 1999-05-17CVE-1999-0489: MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted…
PriorityP334critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
12.45%
95.7th percentile
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 5.0 File Upload MSHTML.DLL privileges management (MS99-015)
vuldb·2026-04-19·CVSS 10.0
CVE-1999-0489 [CRITICAL] Microsoft Internet Explorer 5.0 File Upload MSHTML.DLL privileges management (MS99-015)
A vulnerability categorized as critical has been discovered in Microsoft Internet Explorer 5.0. Affected by this vulnerability is an unknown functionality in the library MSHTML.DLL of the component File Upload Handler. The manipulation results in improper privilege management.
This vulnerability is reported as CVE-1999-0489. The attack can be launched remotely. No exploit exists.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-r82c-58h4-qgvv: MSHTML
ghsa_unreviewed·2022-04-30
CVE-1999-0489 [HIGH] GHSA-r82c-58h4-qgvv: MSHTML
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1999-05-17
Published