CVE-1999-1446

Vulnerability

Internet Explorer 3 records a history of all visited URLs in .DAT files located in the Temporary Internet Files and History folders (e.g., MM2048.DAT, MM256.DAT). When the user selects the 'Clear History' option via View/Options/Navigation, the files are not actually cleared; the history entries remain intact. The operating system's tailored display also hides these files from normal folder browsing, giving users a false sense of security. Affected versions include Internet Explorer 3 on Windows NT 4.0 and likely other platforms [1][2].

Exploitation

An attacker with local access to the system can navigate to the Temporary Internet Files or History folders and use any binary editor or simple commands (e.g., TYPE) to read the .DAT files. No special tools or privileges are required beyond physical or remote desktop access. The references confirm that a standard directory listing shows the folders as empty, but the .DAT files are present and readable [1][2].

Impact

Successful reading of these .DAT files reveals every URL the user has visited, including search queries and uploaded/downloaded content. This constitutes a significant information disclosure vulnerability, exposing the user's browsing history and potentially sensitive data (e.g., search terms submitted to web forms) to anyone with local system access [1][2].

Mitigation

Microsoft acknowledged the issue in a TechNet article, which advised users to warn about the dangers of snooping but did not provide a fix. No patched version of Internet Explorer 3 was released. As of the publication date, no workaround other than manually deleting the .DAT files (which may be denied access) or upgrading to a newer browser version is available [1]. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.