• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20051028)
Votes (Legacy)
ACCEPT(4) Baker, LeBlanc, Levy, Northcutt
MODIFY(2) Frech, Prosser
REVIEWING(1) Christey
Comments (Legacy)
 Prosser> this is a modified Cross-Frame vulnerability that circumvents
   the original Cross-Frame Patch.  Addressed in MS Bulletin MS99.012
 Christey> Duplicate of CVE-1999-0490?
 LeBlanc> If Prosser is correct that this is MS99-012, accept
 Christey> BUGTRAQ:19990126 Javascript ecurity bug in Internet Explorer
   NTBUGTRAQ:19990128 Javascript %01 bug in Internet Explorer
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ie-window-spoof(2069)

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.