EIP-2026-118784

PRE-CVE

Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - '.IDC' Path Mapping

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118784. PoCs published by Scott Danahy.

AI-analyzed exploit summary This is a technical writeup describing an information disclosure vulnerability in IIS where requesting a non-existent .IDC file reveals the full physical path of the web server root directory. The vulnerability is triggered by the server's error message, which includes the absolute pathname of the requested file.

Description

Microsoft IIS (Windows NT 4.0/SP1/SP2/SP3/SP4/SP5) - '.IDC' Path Mapping

Exploits (1)

exploitdb WRITEUP VERIFIED

by Scott Danahy · textremotewindows

https://www.exploit-db.com/exploits/19239

View Code ZIP pw:eip

This is a technical writeup describing an information disclosure vulnerability in IIS where requesting a non-existent .IDC file reveals the full physical path of the web server root directory. The vulnerability is triggered by the server's error message, which includes the absolute pathname of the requested file.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Information Services (IIS)

No auth needed

Prerequisites: Access to the target IIS server

MITRE ATT&CK

T1119 - Automated Collection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026