CVE-1999-0891
published 1999-09-01CVE-1999-0891: The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
42.58%
98.5th percentile
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect use of the '#default#download' DHTML behavior in HTML content delivered to IE5 clients, which is the mechanism exploited to read arbitrary files via server-side redirect. ↗
- →Monitor for HTTP server-side redirects (3xx responses) that redirect a browser's startDownload request to local file paths (file:// URIs) or intranet resources, indicating zone-boundary bypass. ↗
- →Inspect outbound HTTP POST/GET requests from IE5 clients that carry file contents (e.g., SAM hive data or AUTOEXEC.BAT text) back to an external server, as the exploit can exfiltrate file contents via the callback function. ↗
- →Look for the JavaScript method 'startDownload' in client-side scripts on web pages, particularly when paired with local file paths or UNC paths as the first argument. ↗
- ·The vulnerability is limited to read-only access of text files or partial binary file content; it cannot be used to delete or modify files on the victim machine. ↗
- ·The exploit operates transparently to the end user, meaning there is no visible browser prompt or warning during exploitation, reducing the chance of user-based detection. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ242542http://www.ciac.org/ciac/bulletins/k-002.shtmlhttp://www.kb.cert.org/vuls/id/37828http://www.osvdb.org/11274http://www.securityfocus.com/bid/674https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-040http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ242542http://www.ciac.org/ciac/bulletins/k-002.shtmlhttp://www.kb.cert.org/vuls/id/37828http://www.osvdb.org/11274http://www.securityfocus.com/bid/674https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-040
1999-09-01
Published