CVE-1999-1575

Kodak/Wang Image Edit - RCE

Title source: llm

Description

The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Shane Hird · textremotewindows

https://www.exploit-db.com/exploits/19515

View Code ZIP pw:eip

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/19521

View Code ZIP pw:eip

exploitdb WORKING POC

localwindows

https://www.exploit-db.com/exploits/19528

View Code ZIP pw:eip

References (8)

[US Government Resource] http://www.kb.cert.org/vuls/id/23412

[US Government Resource] http://www.kb.cert.org/vuls/id/24839

[US Government Resource] http://www.kb.cert.org/vuls/id/26924

[US Government Resource] http://www.kb.cert.org/vuls/id/41408

[US Government Resource] http://www.kb.cert.org/vuls/id/9162

[Exploit] http://www.securityfocus.com/archive/1/28719

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7097

Scores

EPSS 0.3670

EPSS Percentile 97.2%

Details

Status published

Products (2)

microsoft/internet_explorer 4.0.1

microsoft/internet_explorer 5.0

Published Sep 10, 1999

Tracked Since Feb 18, 2026