Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1538


Vulnerability Score 2.1 2.1
CVE Id CVE-1999-1538
Last Modified 05 Sep 2008 04:19:45
Published 14 Jan 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Vulnerable Systems


  • Microsoft Internet Information Server 4.0


NTBUGTRAQ - 19990114 MS IIS 4.0 Security Advisory

BID - 189

Last Updated: 27 May 2016 10:35:29