CVE Database · CVE-1999-0412
CVSS v3.1
N/A
EPSS
10.24%
Published
Feb 19, 1999
Modified
Apr 15, 2026
Public PoC / Exploit (2)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Affected Products (3)
