CVE-2000-0413
FrontPage Extensions - Physical Path Disclosure via Error Message
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2000-0413. PoCs published by Frankie Zie.
AI-analyzed exploit summary This exploit leverages a path disclosure vulnerability in Microsoft IIS 4.0/5.0 and FrontPage Server Extensions by requesting non-existent files via shtml.exe or shtml.dll, which reveals the full local path to the web root in the error message.
Description
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Exploits (1)
This exploit leverages a path disclosure vulnerability in Microsoft IIS 4.0/5.0 and FrontPage Server Extensions by requesting non-existent files via shtml.exe or shtml.dll, which reveals the full local path to the web root in the error message.