ID CVE-2001-0506
Summary Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
References
Vulnerable Configurations
  • Microsoft IIS 4.0
    cpe:2.3:a:microsoft:internet_information_server:4.0
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:internet_information_services:5.0
CVSS
Base: 7.2 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
exploit-db via4
description Microsoft IIS 4/5 SSI Buffer Overrun Privilege Elevation. CVE-2001-0506. Local exploit for windows platform
id EDB-ID:21071
last seen 2016-02-02
modified 2001-08-15
published 2001-08-15
reporter Indigo
source https://www.exploit-db.com/download/21071/
title Microsoft IIS 4/5 - SSI Buffer Overrun Privilege Elevation
nessus via4
NASL family Web Servers
NASL id IIS_ISAPI_OVERFLOW.NASL
description There's a buffer overflow in the remote web server through the ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM. Additionally, other vulnerabilities exist in the remote web server since it has not been patched.
last seen 2019-01-16
modified 2018-11-15
plugin id 10685
published 2001-06-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10685
title Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)
packetstorm via4
data source https://packetstormsecurity.com/files/download/25189/sa2001_06.txt
id PACKETSTORM:25189
last seen 2016-12-05
published 2001-08-19
reporter nsfocus.com
source https://packetstormsecurity.com/files/25189/sa2001_06.txt.html
title sa2001_06.txt
refmap via4
bid 3190
bugtraq
  • 20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
  • 20011127 IIS Server Side Include Buffer overflow exploit code
ciac L-132
ms MS01-044
xf iis-ssi-directive-bo(6984)
Last major update 17-10-2016 - 22:11
Published 20-09-2001 - 00:00
Last modified 30-10-2018 - 12:25