CVE-1999-1538

Description

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

References

• http://marc.info/?l=bugtraq&m=91638375309890&w=2
• http://marc.info/?l=ntbugtraq&m=91632724913080&w=2
• http://www.securityfocus.com/bid/189
  Exploit
• http://marc.info/?l=bugtraq&m=91638375309890&w=2
• http://marc.info/?l=ntbugtraq&m=91632724913080&w=2
• http://www.securityfocus.com/bid/189
  Exploit