CVE-1999-0386

Microsoft Personal Web Server - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0386. PoCs published by kiborg.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Microsoft's Personal Web Server and Front Page Personal Web Server. The vulnerability allows unauthenticated read access to files on the same logical drive as the web content via '/..../' strings in URLs.

Description

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by kiborg · textremotewindows
https://www.exploit-db.com/exploits/19753

This is a writeup describing a directory traversal vulnerability in Microsoft's Personal Web Server and Front Page Personal Web Server. The vulnerability allows unauthenticated read access to files on the same logical drive as the web content via '/..../' strings in URLs.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Personal Web Server, Front Page Personal Web Server (Win9x versions)
No auth needed
Prerequisites: Knowledge of the target file path
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/111

Scores

EPSS 0.1910
EPSS Percentile 97.0%

Details

Status published
Products (2)
microsoft/frontpage
microsoft/personal_web_server 4.0
Published Mar 01, 1999
Tracked Since Feb 18, 2026