Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1016 — Microsoft Internet Explorer vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

7.7%

top 8.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Microsoft Outlook Express

Timeline

PublishedAug 27

Latest updateApr 30

Description

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/outlook_express5.0

▶NVDmicrosoft/internet_explorer5.0

🔴Vulnerability Details

GHSA

GHSA-33jr-59q9-j8vq: Microsoft HTML control as used in (1) Internet Explorer 5↗2022-04-30

▶

CVEList

CVE-1999-1016: Microsoft HTML control as used in (1) Internet Explorer 5↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5 - HTML Form Control Denial of Service↗1999-08-27

▶