CVE-1999-0372
Microsoft BackOffice Server - Unprotected Credential Exposure via Reboot.ini
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-0372. PoCs published by Russ Cooper.
AI-analyzed exploit summary This is a writeup describing an information leak vulnerability in Microsoft BackOffice 4.0 where clear-text credentials are stored in an insecure file (reboot.ini) with overly permissive ACLs.
Description
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Russ Cooper · textlocalwindows
https://www.exploit-db.com/exploits/19192
This is a writeup describing an information leak vulnerability in Microsoft BackOffice 4.0 where clear-text credentials are stored in an insecure file (reboot.ini) with overly permissive ACLs.
Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Microsoft BackOffice 4.0
No auth needed
Prerequisites:
Access to the file system where BackOffice 4.0 is installed
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ217004
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005
Scores
EPSS
0.0455
EPSS Percentile
90.5%
Details
CWE
CWE-200
Status
published
Products (3)
microsoft/backoffice
4.0
microsoft/windows_2000
microsoft/windows_nt
Published
Feb 12, 1999
Tracked Since
Feb 18, 2026