• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (19991205)
Votes (Legacy)
ACCEPT(1) Levy
MODIFY(1) Wall
NOOP(2) Baker, Ozancin
RECAST(1) Prosser
REJECT(1) Christey
Comments (Legacy)
 Frech> Wasn't Untrusted scripted paste MS98-015? I can find no mention of a
   clipboard in either.
   I cannot proceed on this one without further clarification.
 Wall> (source: MS:MS99-012)
 Prosser> agree with Andre here.  The Untrusted Scripted paste
   vulnerability was originally addressed in MS98-015 and it is in the file
   upload intrinsic control in which an attacker can paste the name of a file
   on the target's drive in the control and a form submission would then send
   that file from the attacked machine to the remote web site.  This one has
   nothing to do with the clipboard.  What the advisory mentioned here,
   MS99-012, does is replace the MSHTML parsing engine which is supposed to fix
   the original Untrusted Scripted Paste issue and a variant, as well as the
   two Cross-Frame variants and a privacy issue in IMG SRC.  
   The vulnerability that allowed reading of a user's clipboard is the Forms
   2.0 Active X control vulnerability discussed in MS99-01
 Christey> The advisory should have been listed as MS99-012.  
   CVE-1999-0468 describes the untrusted scripted paste problem
   in MS99-012.
 Frech> Pending response to guidance request. 12/6/01.

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.