A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
1999-11-11T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.1 (MEDIUM)
AV:N/AC:H/Au:N/C:P/I:P/A:P
4.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | ie | 4.0 | Yes |
| Application | microsoft | ie | 4.0 | Yes |
| Application | microsoft | ie | 4.0.1 | Yes |
| Application | microsoft | ie | 4.0.1 | Yes |
| Application | microsoft | ie | 4.0.1 | Yes |
| Application | microsoft | ie | 4.1 | Yes |
| Application | microsoft | ie | 4.1 | Yes |
| Application | microsoft | ie | 4.1 | Yes |
| Application | microsoft | ie | 5 | Yes |
| Application | microsoft | ie | 5.0 | Yes |
| Application | microsoft | ie | 5.0 | Yes |
| Application | microsoft | ie | 5.0 | Yes |
| Application | microsoft | internet_explorer | 4.0 | Yes |
| Application | microsoft | outlook | 98 | Yes |
| Application | microsoft | outlook | 2000 | Yes |
| Application | microsoft | outlook_express | 4.27.3110.1 | Yes |
| Application | microsoft | outlook_express | 4.72.2106.4 | Yes |
| Application | microsoft | outlook_express | 4.72.3120.0 | Yes |
| Application | microsoft | outlook_express | 4.72.3612.1700 | Yes |
| Application | microsoft | outlook_express | 5.0 | Yes |