CVE-1999-1578
Description
Buffer overflow in the InvokeRegWizard ActiveX control in IE 4.01 and 5 allows remote attackers to execute arbitrary commands via a malicious web page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The InvokeRegWizard ActiveX control (regwizc.dll, version 3.0.0.0) shipped with Microsoft Internet Explorer 4.01 and 5 contains a buffer overflow vulnerability. The control is marked as safe-for-scripting, allowing any web page to invoke it via the CLSID {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}. The overflow occurs in the InvokeRegWizard method when processing an overly long argument [1].
Exploitation
An attacker can host a malicious web page that invokes the vulnerable ActiveX control through scripting, passing a crafted argument that triggers the buffer overflow. No authentication or user interaction beyond visiting the page is required, as the control is safe-for-scripting [1].
Impact
Successful exploitation allows a remote attacker to execute arbitrary commands on the victim's system with the privileges of the current user. This can lead to complete compromise of the affected machine [1].
Mitigation
No official patch was released by Microsoft for Internet Explorer 4.01 or 5. The vulnerable control was removed or disabled in later versions of Internet Explorer. Users of affected versions should upgrade to a supported browser or disable the ActiveX control via the kill bit [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.kb.cert.org/vuls/id/37556 (nvd: Exploit, Patch, Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/671 (nvd: Exploit, Patch)
- www.securityfocus.com/archive/1/28719 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/3311 (nvd)
News mentions
No linked articles in our index yet.