CVE-1999-1575

The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/23412	US Government Resource
http://www.kb.cert.org/vuls/id/24839	US Government Resource
http://www.kb.cert.org/vuls/id/26924	US Government Resource
http://www.kb.cert.org/vuls/id/41408	US Government Resource
http://www.kb.cert.org/vuls/id/9162	US Government Resource
http://www.securityfocus.com/archive/1/28719	Exploit
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/7097

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:4.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0:::::::*

History

22 Jul 2021, 14:02

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie:4.0.1:::::::* cpe:2.3:a:microsoft:ie:5.0:::::::*	cpe:2.3:a:microsoft:internet_explorer:5.0:::::::* cpe:2.3:a:microsoft:internet_explorer:4.0.1:::::::*

Information

Published : 1999-09-10 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-1999-1575

Mitre link : CVE-1999-1575

CVE.ORG link : CVE-1999-1575

JSON object : View

Products Affected

microsoft

internet_explorer

CWE

NVD-CWE-Other

{"id": "CVE-1999-1575", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "1999-09-10T04:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/23412", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/24839", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/26924", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/41408", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/9162", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/28719", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7097", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as \"Safe for Scripting,\" which allows remote attackers to create and modify files and execute arbitrary commands."}], "lastModified": "2021-07-22T14:02:03.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}