cbcvebase.
CVE-1999-1453
published 1999-02-02

CVE-1999-1453: Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

PriorityP411low2.6CVSS 2.0
AVNACHAuNCPINAN
EXPLOIT
EPSS
11.22%
95.4th percentile
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

otherMicrosoft Forms 2.0 TextBox ActiveX object
commandtb.paste(); document.forms(0).S1.value=tb.text;
  • Look for web pages invoking the MS Forms 2.0 TextBox ActiveX object (fm20.dll) combined with a paste() call to silently exfiltrate clipboard contents via a hidden form field.
  • Detect JavaScript functions that call tb.paste() and then assign tb.text to a form field value, which is the pattern used to harvest clipboard data and submit it to a remote server.
  • ·The vulnerable ActiveX control (Forms 2.0) is only present on hosts where Visual Basic 5.0, Project 98, Outlook 98, or Office 97 has been installed — it does not ship with the base OS, so exploitation is limited to those environments.
  • ·The attack vector requires the victim to visit a malicious web site using Internet Explorer 4; the clipboard read is performed silently without user knowledge.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.