CVE-1999-0669

Internet Explorer - Remote Code Execution via Eyedog ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0669. PoCs published by Shane Hird's.

AI-analyzed exploit summary This exploit targets a buffer overflow in the Eyedog ActiveX control (CLSID: 06A7EC63-4E21-11D0-A112-00A0C90543AA) marked 'safe for scripting'. It uses the MSInfoLoadFile method to trigger a crash by overwriting the return address with ExitProcess, causing the host application to terminate.

Description

The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shane Hird's · textremotewindows

https://www.exploit-db.com/exploits/19487

View Code ZIP pw:eip

This exploit targets a buffer overflow in the Eyedog ActiveX control (CLSID: 06A7EC63-4E21-11D0-A112-00A0C90543AA) marked 'safe for scripting'. It uses the MSInfoLoadFile method to trigger a crash by overwriting the return address with ExitProcess, causing the host application to terminate.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 4.0/5.0 with Eyedog ActiveX control

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious email with ActiveX enabled

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory third-party-advisory government-resource x_refsource_ciac

http://ciac.llnl.gov/ciac/bulletins/j-064.shtml

Scores

EPSS 0.0833

EPSS Percentile 94.2%

Details

Status published

Products (2)

microsoft/internet_explorer 4.0

microsoft/internet_explorer 5.0

Published Sep 01, 1999

Tracked Since Feb 18, 2026