CVE-1999-0874

Microsoft Internet Information Server - Memory Corruption

Title source: rule

Description

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Exploits (6)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16468

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Greg Hoglund · cremotewindows

https://www.exploit-db.com/exploits/19248

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Stinko · remotewindows

https://www.exploit-db.com/exploits/19246

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by eEye Digital Security Team · perlremotewindows

https://www.exploit-db.com/exploits/19245

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by eeye security · cremotelinux

https://www.exploit-db.com/exploits/19247

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by stinko · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms02_018_htr.rb

View Code ZIP pw:eip

References (5)

[Various Sources] http://www.eeye.com/html/Research/Advisories/AD06081999.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A915

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019

[Vendor Advisory] http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ234905

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/j-048.shtml

Scores

EPSS 0.8447

EPSS Percentile 99.3%

Details

CWE

CWE-119

Status published

Products (4)

microsoft/internet_information_server 4.0

microsoft/windows_2000

microsoft/windows_nt

microsoft/windows_nt 4.0

Published Jun 16, 1999

Tracked Since Feb 18, 2026