Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0500

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0500
Last Modified 05 Sep 2008 04:24:16
Published 21 Jul 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0500

Summary

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Vulnerable Systems

Application

  • Microsoft Index Server 2.0

  • Microsoft Indexing Service

  • Microsoft Internet Information Server 6.0


References

CERT - CA-2001-13

MS - MS01-033

BID - 2880

BUGTRAQ - 20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)

XF - iis-isapi-idq-bo(6705)

CIAC - L-098


Last Updated: 27 May 2016 10:36:17