CVE-2000-0246

Published: Mar 30, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Affected (7)

Products: Microsoft: Commercial Internet System, Internet Information Server, Internet Information Services, Proxy Server, Site Server, Site Server Commerce

Microsoft

6 products

Commercial Internet System

Internet Information Server

Internet Information Services

Proxy Server

Site Server

Site Server Commerce

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Commercial Internet System	Version 2.0
Microsoft Commercial Internet System	Version 2.5
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0
Microsoft Proxy Server	Version 2.0
Microsoft Site Server	Version 3.0
Microsoft Site Server Commerce	Version 3.0

References (6)

http://www.microsoft.com/technet/support/kb.asp?ID=249599

Source: cve@mitre.org

http://www.securityfocus.com/bid/1081

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019

Source: cve@mitre.org

http://www.microsoft.com/technet/support/kb.asp?ID=249599

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/1081

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.