CVE-2000-0886
IIS 5.0 - Command Injection
Title source: llmDescription
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nsfocus · textremotewindows
https://www.exploit-db.com/exploits/20384
References (5)
Scores
EPSS
0.8922
EPSS Percentile
99.5%
Details
Status
published
Products (2)
microsoft/internet_information_server
4.0
microsoft/internet_information_services
5.0
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026