Unrated severityNVD Advisory· Published May 17, 1999· Updated Apr 16, 2026

CVE-1999-0489

Description

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

Affected products

Microsoft/Windows Nt
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-015nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000