Description
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Makoto Shiotsuki · textlocalwindows
https://www.exploit-db.com/exploits/19473
References (3)
Core 3
Core References
Various Sources mailing-list
x_refsource_ntbugtraq
http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3289
Various Sources mailing-list
x_refsource_ntbugtraq
http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=R179
Scores
EPSS
0.0039
EPSS Percentile
60.3%
Details
Status
published
Products (1)
microsoft/internet_explorer
5.0
Published
Aug 25, 1999
Tracked Since
Feb 18, 2026