CVE-1999-0874

Internet Information Server 4.0 - Denial of Service via Malformed .HTR/.IDC/.STM Request

Exploitation Summary

EIP tracks 6 public exploits for CVE-1999-0874. PoCs published by Metasploit, Greg Hoglund, Stinko, including Metasploit module exploits/windows/iis/ms02_018_htr.

AI-analyzed exploit summary: This exploit targets a buffer overflow in the ISAPI ISM.DLL used by IIS 4.0 to process HTR scripting. It sends a maliciously crafted HTTP GET request with an overly long .htr file path to trigger the overflow and execute arbitrary code.

Description

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16468

This exploit targets a buffer overflow in the ISAPI ISM.DLL used by IIS 4.0 to process HTR scripting. It sends a maliciously crafted HTTP GET request with an overly long .htr file path to trigger the overflow and execute arbitrary code.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 4.0
No auth needed
Prerequisites: Network access to the target IIS server · IIS 4.0 with vulnerable ISM.DLL
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Greg Hoglund · c · remote · windows
https://www.exploit-db.com/exploits/19248

This exploit targets a buffer overflow vulnerability in Microsoft IIS when handling .HTR, .STM, or .IDC file extensions. It crafts a malicious HTTP request to overwrite the stack and execute arbitrary code, with support for custom payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS (versions affected by CVE-1999-0874)
No auth needed
Prerequisites: Network access to target IIS server · Vulnerable IIS version with exposed .HTR/.STM/.IDC handlers
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Stinko · remote · windows
https://www.exploit-db.com/exploits/19246

This is a Metasploit module exploiting a buffer overflow in Microsoft IIS 4.0 via malformed .HTR requests. It targets specific Windows NT 4 service packs and delivers a payload to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 4.0 (Windows NT 4 SP3/4/5)
No auth needed
Prerequisites: Target running IIS 4.0 on Windows NT 4 with vulnerable service pack · Network access to TCP port 80 or 443
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by eEye Digital Security Team · perl · remote · windows
https://www.exploit-db.com/exploits/19245

This Perl script exploits a buffer overflow vulnerability in Microsoft IIS by sending HTTP requests with overly long filenames using .HTR, .STM, or .IDC extensions. The script iterates through buffer sizes to trigger the overflow, potentially leading to remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft IIS 4.0
No auth needed
Prerequisites: Network access to the target IIS server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by eeye security · c · remote · linux
https://www.exploit-db.com/exploits/19247

This exploit targets a buffer overflow vulnerability in Microsoft IIS 4.0 by sending a maliciously crafted HTTP request with an overly long URL containing shellcode. The exploit leverages the .HTR, .STM, or .IDC file extensions to trigger the overflow and execute arbitrary code.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 4.0
No auth needed
Prerequisites: Network access to the target IIS server · IIS 4.0 with vulnerable DLLs handling .HTR, .STM, or .IDC extensions
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by stinko · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms02_018_htr.rb

This Metasploit module exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. It targets Windows NT 4.0 Service Packs 3, 4, and 5, and achieves remote code execution by sending a maliciously crafted HTTP GET request.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 4.0
No auth needed
Prerequisites: Network access to the target IIS server · IIS 4.0 running on Windows NT 4.0 with specific service packs
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Various Sources third-party-advisory x_refsource_eeye
http://www.eeye.com/html/Research/Advisories/AD06081999.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A915
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ234905
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/j-048.shtml

Scores

EPSS 0.7465
EPSS Percentile 99.4%

Details

CWE CWE-119
Status published
Products (4)
microsoft/internet_information_server 4.0
microsoft/windows_2000
microsoft/windows_nt
microsoft/windows_nt 4.0
Published Jun 16, 1999
Tracked Since Feb 18, 2026