VYPR
Unrated severity · NVD Advisory · Published Aug 21, 1999 · Updated Apr 16, 2026

CVE-1999-0668

Description

The scriptlet.typelib ActiveX control was incorrectly marked safe for scripting in Internet Explorer, allowing remote code execution via a crafted web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The scriptlet.typelib ActiveX control, used by developers to generate Type Libraries for Windows Script Components, was incorrectly marked as "safe for scripting" in Internet Explorer 4.0 and 5.0 [1]. This marking allowed the control to be invoked from a web page without user confirmation, despite its ability to create or modify local files [1].

Exploitation

An attacker could host a malicious web page (or send an HTML email) that invokes the scriptlet.typelib control. Because the control was marked safe for scripting, Internet Explorer would load it automatically without prompting the user [1]. The attacker could then use the control's methods to write arbitrary files to the local system, as demonstrated by the Bubbleboy worm [1].

Impact

Successful exploitation allows a remote attacker to execute arbitrary commands with the privileges of the current user [1]. This can lead to full system compromise, including data theft, installation of malware, and further propagation within the network.

Mitigation

Microsoft released security bulletin MS99-032 on August 31, 1999, which includes a patch that removes the "safe for scripting" marking from scriptlet.typelib [1]. After applying the patch, Internet Explorer will prompt the user before loading the control, preventing silent exploitation. Users should apply the patch or upgrade to a later version of Internet Explorer [1].
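One way to confirm on a host that the control no longer carries the marking, as an added example that is not part of the advisory or of Microsoft's bulletin. It assumes the marking is expressed through the COM "Implemented Categories" registry keys; the two category GUIDs are the standard COM component-category identifiers and do not appear on this page, and `Get-ComSafetyMarking` is a hypothetical helper name.

```powershell
# Added example: report whether a COM ProgID is registered as "safe for scripting".
# Assumption: the marking is recorded under the class's "Implemented Categories" key.
# A control can also assert safety at run time through IObjectSafety; a registry
# check cannot see that, so a clean result here is necessary but not sufficient.

$SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing

function Get-ComSafetyMarking {
    param([Parameter(Mandatory)][string]$ProgId)

    # Resolve the ProgID to its CLSID (default value of <ProgID>\CLSID).
    $progKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID" `
                        -ErrorAction SilentlyContinue
    if (-not $progKey) {
        # Control is not registered on this host at all.
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid = $progKey.GetValue('')

    # Inspect both the native and the 32-bit (WOW6432Node) class registrations.
    foreach ($view in 'CLSID', 'WOW6432Node\CLSID') {
        $base = "Registry::HKEY_CLASSES_ROOT\$view\$clsid"
        if (-not (Test-Path -LiteralPath $base)) { continue }

        $cats = "$base\Implemented Categories"
        [pscustomobject]@{
            ProgId              = $ProgId
            Registered          = $true
            View                = $view
            Clsid               = $clsid
            SafeForScripting    = Test-Path -LiteralPath "$cats\$SafeForScripting"
            SafeForInitializing = Test-Path -LiteralPath "$cats\$SafeForInitializing"
        }
    }
}

# The ProgID named in this advisory.
Get-ComSafetyMarking -ProgId 'Scriptlet.TypeLib' | Format-List
```

A `SafeForScripting` value of `True` means the registration still allows script on a web page to drive the control without a prompt.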

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • (no CPE)

References

4