CVE-1999-0917
Description
The Preloader ActiveX control in Internet Explorer 4.0 and 5.0 allows remote attackers to read arbitrary files from the user's local hard drive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Preloader ActiveX control in Internet Explorer 4.0 and 5.0 allows remote attackers to read arbitrary files from the user's local hard drive.
Vulnerability
The Preloader ActiveX control, a legacy component included in Internet Explorer 4.0 and 5.0, can be misused by a malicious web site to read arbitrary files from the user's local hard drive [1]. The control is not used by these versions but remains present.
Exploitation
An attacker hosts a web page that invokes the Preloader ActiveX control. No special privileges or user interaction beyond visiting the page is required; the control can be called without prompting.
Impact
Successful exploitation allows the attacker to read any file on the local hard drive that the user can access, leading to information disclosure of sensitive data.
Mitigation
Microsoft released a patch in Security Bulletin MS99-018 on May 27, 1999, which removes the vulnerable control [1]. Users should apply the patch for Internet Explorer 4.0 and 5.0. No workaround is documented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.