CVE-1999-1538

Name of the Vulnerable Software and Affected Versions: IIS versions 2 through 3

Description: The issue occurs when IIS 2 or 3 is upgraded to IIS 4, resulting in the ism.dll being inadvertently left in the /scripts/iisadmin directory. This does not restrict access to the local machine, allowing an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Recommendations: For IIS versions 2 through 3, remove the ism.dll from the /scripts/iisadmin directory after upgrading to IIS 4 to prevent unauthorized access to sensitive server information.