Vulnerability Name:

CVE-1999-0347 (CCN-2069)

Assigned:1999-01-26
Published:1999-01-26
Updated:2016-10-18
Summary:Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
References:Source: CCN
Type: BugTraq Mailing List, Tue, 26 Jan 1999 08:46:03 PST
Javascript ecurity bug in Internet Explorer

Source: CCN
Type: BugTraq Mailing List, Fri, 9 Apr 1999 07:15:12 +0300
IE 5.0 security vulnerabilities - %01 bug again

Source: MITRE
Type: CNA
CVE-1999-0347

Source: MITRE
Type: CNA
CVE-1999-0469

Source: BUGTRAQ
Type: UNKNOWN
19990126 Javascript ecurity bug in Internet Explorer

Source: NTBUGTRAQ
Type: UNKNOWN
19990126 Javascript ecurity bug in Internet Explorer

Source: CCN
Type: BugTraq Mailing List, 1999-01-28 4:53:31
Javascript %01 bug in Internet Explorer

Source: CCN
Type: OSVDB ID: 5869
Microsoft IE MSHTML.DLL Javascript %01 URL Arbitrary File Access

Source: CCN
Type: OSVDB ID: 6080
Microsoft IE MSHTML.DLL Cross-Frame Script Execution

Source: CCN
Type: BID-197
Microsoft Internet Explorer Invalid Byte Cross-Frame Access Vulnerability

Source: XF
Type: UNKNOWN
ie-window-spoof(2069)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft ie *