Vulnerability Details : CVE-2000-1089
Public exploit exists!
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2000-1089
Probability of exploitation activity in the next 30 days: 96.97%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2000-1089
-
MS00-094 Microsoft IIS Phone Book Service Overflow
Disclosure Date: 2000-12-04First seen: 2020-04-26exploit/windows/isapi/ms00_094_pbserverThis is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This module has only been tested against Windows 2000 SP1. Autho
CVSS scores for CVE-2000-1089
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2000-1089
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-094
-
http://www.stake.com/research/advisories/2000/a120400-1.txt
Exploit;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/2048
Microsoft PhoneBook Server Buffer OverflowExploit;Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/5623
Products affected by CVE-2000-1089
- cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*