Description
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Georgi Guninski · textremotewindows
https://www.exploit-db.com/exploits/19156
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=91745430007021&w=2
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=91756771207719&w=2
Scores
EPSS
0.0319
EPSS Percentile
87.0%
Details
Status
published
Published
Jan 26, 1999
Tracked Since
Feb 18, 2026