CVE-2000-0246

IIS 4.0-5.0 - Info Disclosure

Title source: llm

Description

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adam Coyne · textremotemultiple

https://www.exploit-db.com/exploits/19824

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://www.microsoft.com/technet/support/kb.asp?ID=249599

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1081

Scores

EPSS 0.8362

EPSS Percentile 99.3%

Details

Status published

Products (7)

microsoft/commercial_internet_system 2.0

microsoft/commercial_internet_system 2.5

microsoft/internet_information_server 4.0

microsoft/internet_information_services 5.0

microsoft/proxy_server 2.0

microsoft/site_server 3.0

microsoft/site_server_commerce 3.0

Published Mar 30, 2000

Tracked Since Feb 18, 2026