CVE-1999-1538
LowExploitation Probability (EPSS)
Very high risk98th percentile — higher than 98% of all known CVEs
Summary
When upgrading from IIS 2 or 3 to IIS 4, the ism.dll file is left in the /scripts/iisadmin directory, which does not restrict access to the local machine. This allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Risk Assessment
The organization is exposed to unauthorized access to critical data, which can lead to serious security breaches and loss of confidentiality of information.
Recommendation
It is recommended to remove the ism.dll file from the /scripts/iisadmin directory and implement appropriate access security measures.
Original NVD description (English source)
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

