CVE-2002-1744

Microsoft Internet Information Services 5.0 - Directory Traversal via Hex-Encoded Unicode Dot-Dot

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1744. PoCs published by H D Moore.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Microsoft IIS 5.0's CodeBrws.asp script, which allows attackers to map out the directory structure using Unicode-encoded traversal sequences. The provided examples demonstrate how to exploit the flaw to access files outside the intended directory.

Description

Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

Exploits (1)

exploitdb WRITEUP VERIFIED
by H D Moore · textremotewindows
https://www.exploit-db.com/exploits/21385

This is a writeup describing a directory traversal vulnerability in Microsoft IIS 5.0's CodeBrws.asp script, which allows attackers to map out the directory structure using Unicode-encoded traversal sequences. The provided examples demonstrate how to exploit the flaw to access files outside the intended directory.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS 5.0
No auth needed
Prerequisites: IIS 5.0 with /IISSAMPLES directory accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8853
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/267945
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/268065
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4525

Scores

EPSS 0.6361
EPSS Percentile 99.1%

Details

Status published
Products (1)
microsoft/internet_information_services 5.0
Published Dec 31, 2002
Tracked Since Feb 18, 2026