Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0412

4 documents4 sources

Severity

7.5HIGH

EPSS

27.1%

top 3.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedFeb 19

Latest updateApr 30

Description

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server3.0, 4.0+1

▶NVDmicrosoft/internet_information_services2.0

🔴Vulnerability Details

GHSA

GHSA-g4g4-39cv-vpgv: In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension↗2022-04-30

▶

CVEList

CVE-1999-0412: In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension↗1999-09-29

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()↗1999-03-08

▶