CVE-2000-0097

Microsoft Index Server - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0097. PoCs published by fredrik.widlund.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in Index Server 2.0 / Indexing Services via the .htw filetype handler (webhits.dll). It constructs a malicious HTTP GET request to read arbitrary files on the system by abusing the 'CiWebHitsFile' parameter.

Description

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fredrik.widlund · cremotewindows

https://www.exploit-db.com/exploits/19731

View Code ZIP pw:eip

This exploit leverages a directory traversal vulnerability in Index Server 2.0 / Indexing Services via the .htw filetype handler (webhits.dll). It constructs a malicious HTTP GET request to read arbitrary files on the system by abusing the 'CiWebHitsFile' parameter.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Index Server 2.0 / Indexing Services (Windows 2000)

No auth needed

Prerequisites: IIS with Index Server/Indexing Services enabled · Knowledge of target file paths

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/950

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/1210

Scores

EPSS 0.3588

EPSS Percentile 98.3%

Details

Status published

Products (1)

microsoft/index_server 2.0

Published Jan 26, 2000

Tracked Since Feb 18, 2026