CVE-1999-0669
Description
Eyedog ActiveX control in Internet Explorer is vulnerable to remote command execution via buffer overflow, allowing arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Eyedog ActiveX control, when used with Internet Explorer, is marked as 'safe for scripting' despite containing a buffer overflow vulnerability. This control allows registry access and information gathering. The vulnerability lies within the MSInfoLoadFile method and affects Microsoft Internet Explorer 4.0 and 5.0 on Windows 95, NT 4, 98, and 2000 [1].
Exploitation
An attacker can exploit this vulnerability by tricking a user into visiting a malicious webpage or opening a malicious email containing the Eyedog ActiveX control. The exploit involves calling the MSInfoLoadFile method with a specially crafted string that triggers the buffer overflow. The provided exploit example demonstrates overwriting the return address to point to ExitProcess, causing the host application to terminate [1].
Impact
Successful exploitation allows a remote attacker to execute arbitrary commands with the privileges of the user running Internet Explorer. The provided exploit targets the ExitProcess function, which would terminate the host process, demonstrating code execution capabilities [1].
Mitigation
No specific patch or fixed version information is available in the provided references. Users are advised to disable ActiveX controls in Internet Explorer or avoid visiting untrusted websites. The Eyedog ActiveX control is known to be vulnerable and should be considered unsafe for use [1].
AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- [1] ciac.llnl.gov/ciac/bulletins/j-064.shtml (nvd, Vendor Advisory)
News mentions
No linked articles in our index yet.