CVE-1999-0877

Vulnerability

Internet Explorer 5, as well as Internet Explorer 4.01 prior to Service Pack 2, contains a vulnerability where the Document.ExecCommand() method, when invoked on an IFRAME, bypasses security restrictions that normally prevent inappropriate file access. This allows a malicious website to read the contents of files on the visiting user's computer, provided the attacker knows the file name and folder path [1].

Exploitation

An attacker hosts a malicious website that invokes ExecCommand on an IFRAME. The user must visit the site with a vulnerable version of Internet Explorer. No additional user interaction beyond visiting the page is required. The attacker must know the exact path and filename of the target file to read its contents [1].

Impact

Successful exploitation allows the attacker to read arbitrary files on the user's computer, but not to list folder contents, create, modify, or delete files, or gain administrative control. Only file disclosure is possible, limited by the attacker's knowledge of file locations [1].

Mitigation

Microsoft released a patch that eliminates the vulnerability. The patch was initially released on October 15, 1999, but contained a regression error; a corrected version was re-released on November 4, 1999. Users of Internet Explorer 5 should apply the updated patch. Internet Explorer 4.01 users prior to Service Pack 2 should also apply the fix. No workarounds are documented [1].