Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0668 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

18.0%

top 4.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedAug 21

Latest updateApr 30

Description

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer4.0, 5.0+1

🔴Vulnerability Details

GHSA

GHSA-mf4v-53v8-r6cm: The scriptlet↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write↗1999-08-21

▶