Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0506

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-0506
Last Modified 05 Sep 2008 04:24:16
Published 20 Sep 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0506

Summary

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Vulnerable Systems

Application

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


References

BID - 3190

MS - MS01-044

XF - iis-ssi-directive-bo(6984)

CIAC - L-132

BUGTRAQ - 20011127 IIS Server Side Include Buffer overflow exploit code

BUGTRAQ - 20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability


Last Updated: 27 May 2016 10:36:18