CVE-1999-0668

Microsoft Internet Explorer scriptlet.typelib - ActiveX Command Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0668. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages the 'scriptlet.typlib' ActiveX control to write arbitrary files to the local disk, including executable files in the startup folder, leading to remote code execution upon system reboot. The PoC demonstrates file creation and execution via a malicious web page or email.

Description

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textremotewindows

https://www.exploit-db.com/exploits/19468

View Code ZIP pw:eip

This exploit leverages the 'scriptlet.typlib' ActiveX control to write arbitrary files to the local disk, including executable files in the startup folder, leading to remote code execution upon system reboot. The PoC demonstrates file creation and execution via a malicious web page or email.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4

No auth needed

Prerequisites: Victim must visit a malicious web page or open a malicious email · ActiveX controls must be enabled in Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources third-party-advisory government-resource x_refsource_ciac

http://ciac.llnl.gov/ciac/bulletins/j-064.shtml

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-032

Vendor Advisory vendor-advisory x_refsource_mskb

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ240308

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/598

Scores

EPSS 0.2255

EPSS Percentile 97.4%

Details

Status published

Products (2)

microsoft/internet_explorer 4.0

microsoft/internet_explorer 5.0

Published Aug 21, 1999

Tracked Since Feb 18, 2026