CVE-1999-1241
published 1999-05-06CVE-1999-1241: Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the…
PriorityP338critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
14.42%
96.2th percentile
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer 6.0.2900 FileSystemObject ActiveX Object privileges management (XFDB-2173)
vuldb·2026-04-19·CVSS 10.0
CVE-1999-1241 [CRITICAL] Microsoft Internet Explorer 6.0.2900 FileSystemObject ActiveX Object privileges management (XFDB-2173)
A vulnerability, which was classified as critical, was found in Microsoft Internet Explorer 6.0.2900. This affects an unknown part of the component FileSystemObject ActiveX Object. Executing a manipulation can lead to improper privilege management.
This vulnerability is tracked as CVE-1999-1241. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
GHSA
GHSA-qxqf-rx8x-jgrw: Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the
ghsa_unreviewed·2022-04-30
CVE-1999-1241 [HIGH] GHSA-qxqf-rx8x-jgrw: Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1999-05-06
Published