Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1243


Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1243
Last Modified 05 Sep 2008 04:26:03
Published 04 Jul 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Vulnerable Systems


  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


BID - 2973

BUGTRAQ - 20010704 NERF Advisory #4: MS IIS local and remote DoS

XF - iis-device-asp-dos(6800)

Last Updated: 27 May 2016 10:36:35