CVE-1999-1538 Information

Description

When IIS 2 or 3 is upgraded to IIS 4 ism.dll is inadvertently left in /scripts/iisadmin which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information including the Administrator’s password.

Reference

http://marc.info/?l=bugtraq&m=91638375309890&w=2 http://marc.info/?l=ntbugtraq&m=91632724913080&w=2 http://www.securityfocus.com/bid/189