Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-1235. PoCs published by Makoto Shiotsuki.
AI-analyzed exploit summary This is a technical writeup describing an information leakage vulnerability in Microsoft Internet Explorer 5.0 where FTP credentials are stored in cleartext within index.dat files with insecure permissions. The writeup explains the vulnerability mechanics, file locations, and how an attacker can exploit traverse checking to access these files.
Description
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
Exploits (1)
This is a technical writeup describing an information leakage vulnerability in Microsoft Internet Explorer 5.0 where FTP credentials are stored in cleartext within index.dat files with insecure permissions. The writeup explains the vulnerability mechanics, file locations, and how an attacker can exploit traverse checking to access these files.