CVE-1999-0489
Date: 1999-12-05
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
References:
Frech: Wasn't Untrusted scripted paste MS98-015? I can find no mention of a clipboard in either. I cannot proceed on this one without further clarification
Wall: (source: MS:MS99-012
Prosser: agree with Andre here. The Untrusted Scripted paste vulnerability was originally addressed in MS98-015 and it is in the file upload intrinsic control in which an attacker can paste the name of a file on the target's drive in the control and a form submission would then send that file from the attacked machine to the remote web site. This one has nothing to do with the clipboard. What the advisory mentioned here, MS99-012, does is replace the MSHTML parsing engine which is supposed to fix the original Untrusted Scripted Paste issue and a variant, as well as the two Cross-Frame variants and a privacy issue in IMG SRC. The vulnerability that allowed reading of a user's clipboard is the Forms 2.0 Active X control vulnerability discussed in MS99-0
Christey: The advisory should have been listed as MS99-012. CVE-1999-0468 describes the untrusted scripted paste problem in MS99-012
Frech: Pending response to guidance request. 12/6/01