CVE-2000-0260

Microsoft Visual Interdev 1.0 - Buffer Overflow in dvwssr.dll

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0260. PoCs published by Richie & Beto, rain forest puppy.

AI-analyzed exploit summary This Perl script exploits a buffer overflow in dvwssr.dll, part of FrontPage 98 extensions for IIS, by sending an overly long GET request. The vulnerability can cause a denial of service and potentially allow remote code execution.

Description

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Richie & Beto · perlremotewindows

https://www.exploit-db.com/exploits/19846

View Code ZIP pw:eip

This Perl script exploits a buffer overflow in dvwssr.dll, part of FrontPage 98 extensions for IIS, by sending an overly long GET request. The vulnerability can cause a denial of service and potentially allow remote code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft FrontPage 98 extensions for IIS (dvwssr.dll)

No auth needed

Prerequisites: Network access to vulnerable IIS server with FrontPage 98 extensions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by rain forest puppy · perlremotewindows

https://www.exploit-db.com/exploits/19845

View Code ZIP pw:eip

This exploit leverages a path obfuscation vulnerability in FrontPage 98 extensions for IIS (dvwssr.dll and mtd2lv.dll) to retrieve arbitrary .asp or .asa source files, including those outside the web root. The script encodes filenames using a specific algorithm and sends HTTP requests to exploit the flaw.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft FrontPage 98 Extensions for IIS (NT Option Pack)

Auth required

Prerequisites: Web authoring privileges on the target host · Access to the vulnerable FrontPage extensions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-025

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1109

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/282

Scores

EPSS 0.1389

EPSS Percentile 96.0%

Details

Status published

Products (2)

microsoft/frontpage

microsoft/visual_interdev 1.0

Published Apr 14, 2000

Tracked Since Feb 18, 2026