CVE-1999-1578

Internet Explorer 4.01 and 5 - Remote Code Execution via Registration Wizard ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1578. PoCs published by Shane Hird.

AI-analyzed exploit summary This is a functional exploit for a buffer overflow vulnerability in the Internet Explorer Registration Wizard control (regwizc.dll). It leverages a long string with a '/i' prefix to overflow the buffer, overwrite the return address, and execute arbitrary commands (e.g., CALC.EXE) via shellcode.

Description

Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shane Hird · textlocalwindows

https://www.exploit-db.com/exploits/19528

View Code ZIP pw:eip

This is a functional exploit for a buffer overflow vulnerability in the Internet Explorer Registration Wizard control (regwizc.dll). It leverages a long string with a '/i' prefix to overflow the buffer, overwrite the return address, and execute arbitrary commands (e.g., CALC.EXE) via shellcode.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 4.1/5.0 for Windows 95/Windows NT 4, Windows 98

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target system must have vulnerable version of Internet Explorer and regwizc.dll

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →