CVE-1999-1453
published 1999-02-02CVE-1999-1453: Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
PriorityP411low2.6CVSS 2.0
AVNACHAuNCPINAN
EXPLOIT
EPSS
11.22%
95.4th percentile
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for web pages invoking the MS Forms 2.0 TextBox ActiveX object (fm20.dll) combined with a paste() call to silently exfiltrate clipboard contents via a hidden form field. ↗
- →Detect JavaScript functions that call tb.paste() and then assign tb.text to a form field value, which is the pattern used to harvest clipboard data and submit it to a remote server. ↗
- ·The vulnerable ActiveX control (Forms 2.0) is only present on hosts where Visual Basic 5.0, Project 98, Outlook 98, or Office 97 has been installed — it does not ship with the base OS, so exploitation is limited to those environments. ↗
- ·The attack vector requires the victim to visit a malicious web site using Internet Explorer 4; the clipboard read is performed silently without user knowledge. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
1999-02-02
Published