Description
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Fabien Royer · textlocalwindows
https://www.exploit-db.com/exploits/19376
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/501
Scores
EPSS
0.2707
EPSS Percentile
96.4%
Details
Status
published
Products (3)
microsoft/internet_information_server
3.0
microsoft/internet_information_server
4.0
microsoft/internet_information_services
2.0
Published
Feb 19, 1999
Tracked Since
Feb 18, 2026