CVE-1999-0869

Internet Explorer 3.x-4.01 - Frame Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0869. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit demonstrates a subframe spoofing vulnerability in older versions of Internet Explorer, allowing a malicious webpage to manipulate the content of subframes in a newly opened browser window. It leverages default security settings to potentially mislead users or steal sensitive information.

Description

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textremotewindows

https://www.exploit-db.com/exploits/19662

View Code ZIP pw:eip

This exploit demonstrates a subframe spoofing vulnerability in older versions of Internet Explorer, allowing a malicious webpage to manipulate the content of subframes in a newly opened browser window. It leverages default security settings to potentially mislead users or steal sensitive information.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 4.1, 5.0, 4.0.1 for Windows 95/98/NT 4.0

No auth needed

Prerequisites: Victim must visit a malicious webpage · Internet Explorer with default security settings

MITRE ATT&CK

T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020

Scores

EPSS 0.1733

EPSS Percentile 96.7%

Details

Status published

Products (7)

microsoft/internet_explorer 3.0

microsoft/internet_explorer 3.0.1

microsoft/internet_explorer 3.0.2

microsoft/internet_explorer 3.2

microsoft/internet_explorer 4.0

microsoft/internet_explorer 4.0.1

netscape/navigator

Published Dec 01, 1998

Tracked Since Feb 18, 2026