CVE-1999-1016

Microsoft HTML Control - Denial of Service via Large HTML Form Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1016. PoCs published by Neon Bunny.

AI-analyzed exploit summary This HTML file exploits a denial-of-service vulnerability in Microsoft Internet Explorer 5.0 by using an excessively large HTML form field within a table, causing the application to hang and consume 100% CPU resources.

Description

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Neon Bunny · htmldoswindows

https://www.exploit-db.com/exploits/19471

View Code ZIP pw:eip

This HTML file exploits a denial-of-service vulnerability in Microsoft Internet Explorer 5.0 by using an excessively large HTML form field within a table, causing the application to hang and consume 100% CPU resources.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer 5.0

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_ntbugtraq

http://marc.info/?l=ntbugtraq&m=93578772920970&w=2

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/606

Scores

EPSS 0.0770

EPSS Percentile 93.8%

Details

Status published

Products (4)

microsoft/frontpage

microsoft/internet_explorer 5.0

microsoft/outlook_express 5.0

qualcomm/eudora

Published Aug 27, 1999

Tracked Since Feb 18, 2026