Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0874 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Information Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents4 sources

Severity

10.0CRITICALNVD

EPSS

84.5%

top 0.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Windows NT

Timeline

PublishedJun 16

Latest updateApr 30

Description

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/internet_information_server4.0

🔴Vulnerability Details

GHSA

GHSA-5c7g-wprj-cxg3: Buffer overflow in IIS 4↗2022-04-30

▶

CVEList

CVE-1999-0874: Buffer overflow in IIS 4↗2000-06-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0 - '.htr' Path Overflow (MS02-018) (Metasploit)↗2010-04-30

▶

Exploit-DB

Microsoft IIS 4.0 - Remote Buffer Overflow (3)↗1999-06-15

▶

Exploit-DB

Microsoft IIS 4.0 - Remote Buffer Overflow (2)↗1999-06-15

▶

Exploit-DB

Microsoft IIS 4.0 - Remote Buffer Overflow (1)↗1999-06-15

▶

Exploit-DB

Microsoft IIS 4.0 - Remote Buffer Overflow (4)↗1999-06-15

▶