Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0457


Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0457
Last Modified 10 Sep 2008 07:55:31
Published 11 May 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Vulnerable Systems


  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


XF - iis-ism-file-access(4448)

BID - 1193

MS - MS00-031

BUGTRAQ - 20000511 Alert: IIS ism.dll exposes file contents

Last Updated: 27 May 2016 10:35:43