CVE-1999-1246

Published: Dec 31, 1999Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Affected (1)

Products: Microsoft: Site Server

Microsoft

1 product

Site Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Site Server	Version 3.0

References (4)

http://support.microsoft.com/support/kb/articles/Q229/9/72.asp

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Source: cve@mitre.org

http://support.microsoft.com/support/kb/articles/Q229/9/72.asp

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.