Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1575Microsoft Internet Explorer vulnerability

5 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
36.7%
top 2.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedSep 10
Latest updateApr 30

Description

The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer4.0.1, 5.0+1

🔴Vulnerability Details

1
GHSA
GHSA-47wv-vjpm-2h95: The Kodak/Wang (1) Image Edit (imgedit2022-04-30

💥Exploits & PoCs

3
Exploit-DB
Microsoft Internet Explorer 4.1/5 - Registration Wizard Buffer Overflow1999-09-27
Exploit-DB
Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow1999-09-27
Exploit-DB
Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow1999-09-27
CVE-1999-1575 — Microsoft vulnerability | cvebase