CVE-1999-1235

Internet Explorer 5.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1235. PoCs published by Makoto Shiotsuki.

AI-analyzed exploit summary This is a technical writeup describing an information leakage vulnerability in Microsoft Internet Explorer 5.0 where FTP credentials are stored in cleartext within index.dat files with insecure permissions. The writeup explains the vulnerability mechanics, file locations, and how an attacker can exploit traverse checking to access these files.

Description

Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Makoto Shiotsuki · textlocalwindows
https://www.exploit-db.com/exploits/19473

This is a technical writeup describing an information leakage vulnerability in Microsoft Internet Explorer 5.0 where FTP credentials are stored in cleartext within index.dat files with insecure permissions. The writeup explains the vulnerability mechanics, file locations, and how an attacker can exploit traverse checking to access these files.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer 5.0 for Windows 2000/Windows NT 4
No auth needed
Prerequisites: Access to the target system · Knowledge of the target username
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources mailing-list x_refsource_ntbugtraq
http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3289

Scores

EPSS 0.0273
EPSS Percentile 84.3%

Details

Status published
Products (1)
microsoft/internet_explorer 5.0
Published Aug 25, 1999
Tracked Since Feb 18, 2026