CVE-1999-0412

Internet Information Server - Privilege Escalation via ISAPI Extension

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0412. PoCs published by Fabien Royer.

AI-analyzed exploit summary This is a functional ISAPI extension exploit for CVE-1999-0412, which leverages the GetExtensionVersion() function in IIS to execute arbitrary code as SYSTEM. The provided code demonstrates a reboot attack by enabling the SE_SHUTDOWN_NAME privilege and calling ExitWindowsEx.

Description

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Fabien Royer · textlocalwindows
https://www.exploit-db.com/exploits/19376

This is a functional ISAPI extension exploit for CVE-1999-0412, which leverages the GetExtensionVersion() function in IIS to execute arbitrary code as SYSTEM. The provided code demonstrates a reboot attack by enabling the SE_SHUTDOWN_NAME privilege and calling ExitWindowsEx.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS (and potentially other NT web servers)
No auth needed
Prerequisites: Ability to place an ISAPI DLL on the target web server · Web server configured to execute ISAPI extensions
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/501

Scores

EPSS 0.1024
EPSS Percentile 95.1%

Details

Status published
Products (3)
microsoft/internet_information_server 3.0
microsoft/internet_information_server 4.0
microsoft/internet_information_services 2.0
Published Feb 19, 1999
Tracked Since Feb 18, 2026