CVE-2000-0770

medium

Microsoft

CVSS v3 Base Score

6.4

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS Score

1.6%

Exploitation probability in 30 days

Top 18% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

None

Published: October 20, 2000 (9337 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

CWE

NVD-CWE-Other

Affected Products

microsoft internet information servermicrosoft internet information services

References

🔗 www.securityfocus.com 🔗 docs.microsoft.com 🔗 www.securityfocus.com 🔗 docs.microsoft.com

CVE-2000-0770

Vulnerability Report

Description

CWE

Affected Products

References