{"vuid":"VU#39965","idnumber":"39965","name":"DHTML Edit Control for IE5 allows local files to be uploaded to web server","keywords":["DHTML Edit","ActiveX Control"],"overview":"A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server.","clean_desc":"DHTML Edit is an ActiveX control that is marked safe-for-scripting. This control can be embedded in a website and permits local files to be remotely uploaded to the malicious server if the file location is known. The ClassID of the vulnerable dhtmled.ocx ActiveX control is {2D360201-FFF5-11D1-8D03-00A0C959BC0A}. According to the Microsoft Security Bulletin: - Microsoft Internet Explorer 5 on Windows 95, Windows 98, and Windows NT 4.0 is affected. - Microsoft Internet Explorer 5 on other platforms is not affected. - Microsoft Internet Explorer 4.0 on Windows 95, Windows 98 and the x86 version of Windows NT 4.0 is affected. - Microsoft Internet Explorer 4.0 on other platforms, including the Alpha version of Windows NT 4.0, is not affected.","impact":"An attacker can upload files with known names from the local hard drive to the server and can read information that the user supplies to the control.","resolution":"Apply the patch from Microsoft's Security Bulletin MS99-011. The patch changes the control to restrict actions based on the domain.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported to Microsoft by Juan Carlos Cuartango of Spain.","author":"This document was written by Jason A Rafail.","public":["http://www.microsoft.com/technet/treeview/default.asp?url=/technet/Security/Bulletin/MS99-011.asp"],"cveids":["CVE-1999-0487"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-08-18T20:37:51Z","publicdate":"1999-04-21T00:00:00Z","datefirstpublished":"2002-10-01T15:11:30Z","dateupdated":"2002-10-16T19:00:47Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"4","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.98","cam_scorecurrentwidelyknown":"2.25","cam_scorecurrentwidelyknownexploited":"4.05","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.98,"vulnote":null}