Description
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Mnemonix · textremotewindows
https://www.exploit-db.com/exploits/19152
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/194
Scores
EPSS
0.2533
EPSS Percentile
96.2%
Details
Status
published
Products (4)
microsoft/internet_information_server
3.0
microsoft/internet_information_server
4.0
microsoft/internet_information_services
2.0
microsoft/internet_information_services
5.0
Published
Jan 26, 1999
Tracked Since
Feb 18, 2026