CVE-2000-1089

Microsoft Phone Book Service - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-1089. PoCs published by Metasploit, Alberto Solino, aushack, including Metasploit module exploits/windows/isapi/ms00_094_pbserver.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Microsoft IIS Phone Book Service (CVE-2000-1089) via an overly long URL argument. It targets Windows 2000 SP0/SP1 and NT SP6, delivering a payload to achieve remote code execution.

Description

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16357

This is a Metasploit module exploiting a stack-based buffer overflow in Microsoft IIS Phone Book Service (CVE-2000-1089) via an overly long URL argument. It targets Windows 2000 SP0/SP1 and NT SP6, delivering a payload to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS with Phone Book Service (pbserver.dll)
No auth needed
Prerequisites: Vulnerable IIS server with exposed /pbserver/pbserver.dll
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Alberto Solino · textremotewindows
https://www.exploit-db.com/exploits/20460

This is a detailed writeup describing a buffer overflow vulnerability in the Phone Book Service (PBSERVER.DLL) in IIS 4 and IIS 5. The vulnerability allows remote code execution by sending a crafted HTTP request with an overly long parameter, bypassing a length check.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft IIS 4.0 and 5.0 with Phone Book Service
No auth needed
Prerequisites: Phone Book Service installed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by aushack · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/ms00_094_pbserver.rb

This is a Metasploit module exploiting a stack-based buffer overflow in Microsoft IIS Phone Book Service (pbserver.dll) via an overly long URL argument. It targets Windows 2000 SP1/SP0 and NT SP6, using a JMP ESP or CALL ESP instruction to redirect execution to the payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS Phone Book Service (pbserver.dll) on Windows 2000 SP1/SP0 and NT SP6
No auth needed
Prerequisites: Vulnerable IIS Phone Book Service exposed · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2048
Exploit, Patch, Vendor Advisory vendor-advisory x_refsource_atstake
http://www.stake.com/research/advisories/2000/a120400-1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5623

Scores

EPSS 0.7464
EPSS Percentile 99.4%

Details

Status published
Products (2)
microsoft/windows_2000
microsoft/windows_nt 4.0
Published Jan 09, 2001
Tracked Since Feb 18, 2026