CVE-2000-0979

Windows 95/98/ME - Unauthenticated Share Access Bypass via Single-Character Password Match


Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-0979. PoCs published by Gabriel Maggiotti, stickler, Z6543.

AI-analyzed exploit summary: This is a writeup describing a vulnerability in Windows 95/98/ME File and Print Sharing where share-level password protection can be bypassed by manipulating the password data length during authentication. The flaw lies in the NetBIOS password verification scheme, allowing an attacker to gain access by guessing only the first byte of the password.

Description

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

Exploits (3)

exploitdb · WRITEUP · VERIFIED
by Gabriel Maggiotti · text · remote · windows
https://www.exploit-db.com/exploits/20284

This is a writeup describing a vulnerability in Windows 95/98/ME File and Print Sharing where share-level password protection can be bypassed by manipulating the password data length during authentication. The flaw lies in the NetBIOS password verification scheme, allowing an attacker to gain access by guessing only the first byte of the password.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Windows 95/98/ME File and Print Sharing
No auth needed
Prerequisites: Network access to the target system · File and Print Sharing enabled on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by stickler · text · remote · windows
https://www.exploit-db.com/exploits/20283

The exploit describes a vulnerability in Windows 95/98/ME share-level password protection, where the password verification process only checks the first byte of the password if the data length is modified programmatically. This allows an attacker to bypass authentication by guessing the first byte of the password.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Windows 95/98/ME File and Print Sharing
No auth needed
Prerequisites: Network access to the target system · Knowledge of the first byte of the share-level password
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 2 stars
by Z6543 · poc
https://github.com/Z6543/CVE-2000-0979

This repository contains a functional exploit for CVE-2000-0979, targeting a buffer overflow vulnerability in SMB protocol implementations. The exploit includes packet crafting and network communication to trigger the vulnerability, with references to historical exploits like WORM_OPASERV.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SMB protocol implementations (e.g., Windows systems)
No auth needed
Prerequisites: Network access to target SMB port (139) · Vulnerable SMB implementation
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5395
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1780
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=97147777618139&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996

Scores

EPSS 0.4563
EPSS Percentile 98.6%

Details

Status published
Products (4)
microsoft/windows_95
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_me
Published Dec 19, 2000
Tracked Since Feb 18, 2026