CVE-1999-0793

Internet Explorer - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0793. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages a JavaScript URL redirection vulnerability in older versions of Internet Explorer to read local files and send their contents to a remote server. The attack involves tricking the browser into executing JavaScript in the local security zone context, bypassing same-origin restrictions.

Description

Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textremotewindows

https://www.exploit-db.com/exploits/19559

View Code ZIP pw:eip

This exploit leverages a JavaScript URL redirection vulnerability in older versions of Internet Explorer to read local files and send their contents to a remote server. The attack involves tricking the browser into executing JavaScript in the local security zone context, bypassing same-origin restrictions.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0, 4.0.1 (Windows 2000/95/98/NT 4.0, Unix 5.0)

No auth needed

Prerequisites: Victim must visit a malicious website · Local file must exist and be accessible

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-043

Scores

EPSS 0.1329

EPSS Percentile 95.9%

Details

Status published

Products (2)

microsoft/internet_explorer 4.0.1

microsoft/internet_explorer 5.0

Published Nov 17, 1999

Tracked Since Feb 18, 2026