CVE-2000-0630

Internet Information Server 4.0-5.0 - Source Code Disclosure via .HTR File Fragment Reading

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0630. PoCs published by Zuo Lei.

AI-analyzed exploit summary This is a writeup describing a source code disclosure vulnerability in Microsoft IIS 4.0 and 5.0. By appending '+.htr' to a request for an .asp file, the server may disclose part or all of the source code due to improper handling by ISM.DLL.

Description

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Zuo Lei · textremotewindows
https://www.exploit-db.com/exploits/20089

This is a writeup describing a source code disclosure vulnerability in Microsoft IIS 4.0 and 5.0. By appending '+.htr' to a request for an .asp file, the server may disclose part or all of the source code due to improper handling by ISM.DLL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS 4.0 and 5.0
No auth needed
Prerequisites: Knowledge of target .asp file paths
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1488
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5104

Scores

EPSS 0.6671
EPSS Percentile 99.2%

Details

Status published
Products (2)
microsoft/internet_information_server 4.0
microsoft/internet_information_services 5.0
Published Jul 17, 2000
Tracked Since Feb 18, 2026