Vulnerabilities > CVE-1999-0412 - Unspecified vulnerability in Microsoft products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

exploit available

NVD

Published: 1999-02-19

Updated: 2020-11-23

Summary

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Part	Description	Count
Application	Microsoft Microsoft Internet Information Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 2.0	3

description	Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability. CVE-1999-0412. Local exploit for windows platform
id	EDB-ID:19376
last seen	2016-02-02
modified	1999-03-08
published	1999-03-08
reporter	Fabien Royer
source	https://www.exploit-db.com/download/19376/
title	Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion Vulnerability