CVE-1999-0891

Internet Explorer 5 - Arbitrary File Read via Server-Side Redirect

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0891. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages the DHTML Behaviors feature in Internet Explorer 5.0 to bypass security restrictions and read local files or files in other security zones via HTTP redirect manipulation. The PoC demonstrates how a malicious website can force an IE5 client to retrieve and display the contents of a local file (e.g., C:\AUTOEXEC.BAT) by exploiting the '#default#download' behavior.

Description

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textremotewindows

https://www.exploit-db.com/exploits/19530

View Code ZIP pw:eip

This exploit leverages the DHTML Behaviors feature in Internet Explorer 5.0 to bypass security restrictions and read local files or files in other security zones via HTTP redirect manipulation. The PoC demonstrates how a malicious website can force an IE5 client to retrieve and display the contents of a local file (e.g., C:\AUTOEXEC.BAT) by exploiting the '#default#download' behavior.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4

No auth needed

Prerequisites: Victim must be using Internet Explorer 5.0 · Victim must visit a malicious website hosting the exploit

MITRE ATT&CK