CVE-1999-1575
published 1999-09-10
CVE-1999-1575: The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image…
Priority P4 · 27 · medium · 5.1 CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 35.63% (98.3th percentile)
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 4.1/5 - Registration Wizard Buffer Overflow
exploitdb·1999-09-27
CVE-1999-1578 Microsoft Internet Explorer 4.1/5 - Registration Wizard Buffer Overflow
---
Microsoft Internet Explorer 4.1/5.0 for Windows 95/Windows NT 4, Windows 98 Registration Wizard Buffer Overflow Vulnerability
source: https://www.securityfocus.com/bid/671/info
There is a buffer overflow in the Internet Explorer Registration Wizard control (regwizc.dll). This control is marked 'Safe for Scripting'. Arbitrary commands may be executed if the control is run in a malicious manner.
REGWIZC
The Registration Wizard control used by Microsoft to
register MS products also contains a buffer overrun in
the 'InvokeRegWizard' method. When called with a long
string, pre-pended with '/i', we can gain control of the
RET address and exploit the control in a similar manner as
the PDF control. This exploit will
Exploit-DB
Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow
exploitdb·1999-09-27
CVE-1999-1575 Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow
---
Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4 Setupctl ActiveX Control Buffer Overflow
source: https://www.securityfocus.com/bid/667/info
There is a buffer overflow in the setupctl ActiveX control that used to ship with some versions of Microsoft's Internet Explorer. This ActiveX control is used to link to an update site at Microsoft and is marked 'Safe for Scripting'. Arbitrary commands may be executed if the ActiveX control is run in a malicious manner.
SETUPCTL
Apparently a control that was once used for the IE update
web site which is no longer in use, although it should
still exist on a lot of systems. With this exploit, similar
to the PDF exploit, ESP points to our co
Exploit-DB
Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow
exploitdb·1999-09-27
CVE-1999-1577 Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow
---
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4/Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 hhopen OLE Control Buffer Overflow Vulnerability
source: https://www.securityfocus.com/bid/669/info
There is a buffer overflow in the 1.0.0.1 version of the hhopen OLE control (hhopen.ocx) that ships with some versions of Internet Explorer. This control is marked 'Safe for Scripting'. Arbitrary commands may be executed if the OLE control is run in a malicious manner.
HHOPEN:
This control is a little more difficult to exploit, as the
RET address is in the middle of the string, and once again
there is no easy way to RET to our code, so I have RET'd to
ExitProcess directly
No writeups or analysis indexed.
http://www.kb.cert.org/vuls/id/23412
http://www.kb.cert.org/vuls/id/24839
http://www.kb.cert.org/vuls/id/26924
http://www.kb.cert.org/vuls/id/41408
http://www.kb.cert.org/vuls/id/9162
http://www.securityfocus.com/archive/1/28719
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/7097