Description
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Mnemonix · textremotewindows
https://www.exploit-db.com/exploits/19147
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=91638375309890&w=2
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=91632724913080&w=2
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/189
Scores
EPSS
0.5026
EPSS Percentile
97.9%
Details
Status
published
Products (1)
microsoft/internet_information_server
4.0
Published
Jan 14, 1999
Tracked Since
Feb 18, 2026