CVE-2000-1105

Microsoft Indexing Service - Information Disclosure via ixsso.query ActiveX Object

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1105. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit leverages the Microsoft Windows 2000 Indexing Services vulnerability (CVE-2000-1105) via an ActiveX object ('ixsso.query') to disclose the existence and full paths of files on a target system. It demonstrates an information leak by querying the Indexing Service and displaying results in an HTML table.

Description

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · htmlremotewindows

https://www.exploit-db.com/exploits/20399

View Code ZIP pw:eip

This exploit leverages the Microsoft Windows 2000 Indexing Services vulnerability (CVE-2000-1105) via an ActiveX object ('ixsso.query') to disclose the existence and full paths of files on a target system. It demonstrates an information leak by querying the Indexing Service and displaying results in an HTML table.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 2000 Indexing Services

No auth needed

Prerequisites: Indexing Services enabled on Windows 2000 · Target system must be accessible via browser · ActiveX controls must be enabled in the browser

MITRE ATT&CK

T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 16, 2026 Full analysis →