CVE-2000-0886

Internet Information Server 5.0 - Remote Code Execution via Malformed Executable File Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0886. PoCs published by Nsfocus.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Microsoft IIS 4.0/5.0 where specially crafted requests to .bat or .cmd files allow execution of arbitrary commands via cmd.exe. The PoC includes multiple URL variants to trigger directory listings or command execution, including bypasses for the initial patch (Q277873).

Description

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Exploits (1)

exploitdb · Working PoC · Verified
by Nsfocus · text · remote · windows
https://www.exploit-db.com/exploits/20384

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Microsoft IIS 4.0/5.0
No auth needed
Prerequisites: Existing .bat or .cmd file in an executable directory · Network access to target IIS server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1912
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5470
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191

Scores

EPSS 0.6874
EPSS Percentile 99.3%

Details

Status published
Products (2)
microsoft/internet_information_server 4.0
microsoft/internet_information_services 5.0
Published Dec 19, 2000
Tracked Since Feb 18, 2026