Vulnerability CVE-1999-1578

Vulnerability Name:

CVE-1999-1578 (CCN-3311)

Assigned:

1999-09-24

Published:

1999-09-24

Updated:

2021-07-22

Summary:

Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Other

References:

Source: CCN
Type: BugTraq Mailing List, Fri, 24 Sep 1999 04:06:52 -0000
Several ActiveX Buffer Overruns

Source: MITRE
Type: CNA
CVE-1999-1578

Source: CCN
Type: US-CERT VU#37556
InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow

Source: CERT-VN
Type: Exploit, Patch, Third Party Advisory, US Government Resource
VU#37556

Source: CCN
Type: Microsoft Security Bulletin MS99-037 FAQ
Microsoft Security Bulletin (MS99-037): Frequently Asked Questions

Source: CCN
Type: Microsoft Security Bulletin MS99-037
Patch Available for 'ImportExportFavorites' Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
19990924 Several ActiveX Buffer Overruns

Source: BID
Type: Exploit, Patch
671

Source: CCN
Type: BID-671
Microsoft IE Registration Wizard Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
ie-registration-wiz-bo(3311)

Source: XF
Type: UNKNOWN
ie-registration-wiz-bo(3311)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK