CVE-2000-0246

Description

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Affected products

• Microsoft / commercial_internet_system2.0 – 2.0
• Microsoft / commercial_internet_system2.5 – 2.5
• Microsoft / internet_information_server4.0 – 4.0
• Microsoft / internet_information_services5.0 – 5.0
• Microsoft / proxy_server2.0 – 2.0
• Microsoft / site_server3.0 – 3.0
• Microsoft / site_server_commerce3.0 – 3.0

References

• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019
• MISChttp://www.microsoft.com/technet/support/kb.asp?ID=249599
• MISChttp://www.securityfocus.com/bid/1081