Back
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Published: Mar 30, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (7)
| Vendor | Product | Version |
|---|---|---|
| microsoft | commercial_internet_system | 2.0 |
| microsoft | commercial_internet_system | 2.5 |
| microsoft | internet_information_server | 4.0 |
| microsoft | internet_information_services | 5.0 |
| microsoft | proxy_server | 2.0 |
| microsoft | site_server | 3.0 |
| microsoft | site_server_commerce | 3.0 |
GitHub Security Advisory GHSA-2h2p-h37h-5phg
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is...
References (6)
- http://www.microsoft.com/technet/support/kb.asp?ID=249599
- http://www.securityfocus.com/bid/1081
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019
- http://www.microsoft.com/technet/support/kb.asp?ID=249599
- http://www.securityfocus.com/bid/1081
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019
Risk Scores
CVSS Score
5.0 / 10
EPSS Score
83.62%
Top 1% most likely to be exploited
Threat Score
55.1 / 100
Data Sources
NVD
EPSS
GitHub