CVE-1999-1575
Description
Multiple Kodak/Wang ActiveX controls in IE 4.01 and 5.0 are marked as safe for scripting, allowing remote attackers to create and modify files and execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability affects eight ActiveX controls distributed with Internet Explorer 4.01 and 5.0: Image Edit (imgedit.ocx), Image Annotation (imgedit.ocx), Image Scan (imgscan.ocx), Thumbnail Image (imgthumb.ocx), Image Admin (imgadmin.ocx), HHOpen (hhopen.ocx), Registration Wizard (regwizc.dll), and IE Active Setup (setupctl.dll) [1]. These controls are incorrectly marked as "Safe for Scripting," meaning they can be invoked by any web page without user interaction [2][3][4]. The issue is that these controls expose methods that allow file creation and modification, and can be used to execute arbitrary commands on the victim's machine.
Exploitation
An attacker needs only to host a malicious web page that scripts these ActiveX controls [1]. No authentication or additional privileges are required; the attack is performed when the victim visits the page using Internet Explorer 4.01 or 5.0. By crafting script that calls the vulnerable methods, the attacker can write arbitrary files to the system, including executables or scripts, and overwrite existing files [2][3][4]. The exact sequence involves constructing a web page that uses the object tag or script to instantiate the control and invoke its methods.
Impact
Successful exploitation allows an attacker to create and modify files on the victim's system, potentially leading to arbitrary command execution with the user's privileges [1][2]. The attacker can also overwrite critical system files, causing a denial-of-service condition [2]. Because the controls are invoked in the context of the IE process, the attacker gains the ability to perform any action the user could take, such as installing programs or stealing data.
Mitigation
Microsoft released a patch in Security Bulletin MS99-037 in September 1999, which sets kill bits for these ActiveX controls, preventing them from being loaded by Internet Explorer [1]. Additionally, users can disable the "Script ActiveX controls marked safe for scripting" setting in IE security zones, or set it to "prompt" as a workaround [2][3][4]. No other mitigations are known; the patch is the recommended solution.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
- (no CPE) range: 4.01, 5.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.securityfocus.com/archive/1/28719 (nvd, Exploit)
- www.kb.cert.org/vuls/id/23412 (nvd, US Government Resource)
- www.kb.cert.org/vuls/id/24839 (nvd, US Government Resource)
- www.kb.cert.org/vuls/id/26924 (nvd, US Government Resource)
- www.kb.cert.org/vuls/id/41408 (nvd, US Government Resource)
- www.kb.cert.org/vuls/id/9162 (nvd, US Government Resource)
- docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/7097 (nvd)