CVE-1999-0981

Internet Explorer < 5.01 - Local File Access via Server-side Page Reference Redirect

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0981. PoCs published by Georgi Guninski.

AI-analyzed exploit summary: This exploit leverages a vulnerability in older versions of Internet Explorer and Outlook where window.open can be used to redirect to a local file, allowing the contents of the file to be read or manipulated. The PoC demonstrates how an attacker could access local files if the filename and location are known.

Description

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Georgi Guninski · text · remote · windows
https://www.exploit-db.com/exploits/19591

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Explorer 4.0/5.0, Outlook 98
No auth needed
Prerequisites: Known local file path · User interaction to execute the script
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246094

Scores

EPSS 0.1311
EPSS Percentile 95.9%

Details

CWE: CWE-59
Status: published
Products (3):
microsoft/internet_explorer 4.0.1
microsoft/internet_explorer 5.0
microsoft/internet_explorer < 5.01
Published: Dec 08, 1999
Tracked Since: Feb 18, 2026