ID CVE-2006-0026
Summary Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
References
Vulnerable Configurations
  • Microsoft IIS 5.1
    cpe:2.3:a:microsoft:internet_information_server:5.1
  • Microsoft IIS 6.0
    cpe:2.3:a:microsoft:internet_information_server:6.0
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:internet_information_services:5.0
CVSS
Base: 6.5 (as of 12-07-2006 - 11:38)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
exploit-db via4
description Microsoft IIS ASP Stack Overflow Exploit (MS06-034). CVE-2006-0026. Local exploit for windows platform
id EDB-ID:2056
last seen 2016-01-31
modified 2006-07-21
published 2006-07-21
reporter cocoruder
source https://www.exploit-db.com/download/2056/
title Microsoft IIS ASP - Stack Overflow Exploit MS06-034
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-034.NASL
description The remote host is running a version of Windows and IIS that is vulnerable to a flaw that could allow an attacker who has the privileges to upload arbitrary ASP scripts to it to execute arbitrary code. Specifically, the remote version of IIS is vulnerable to a flaw when parsing specially crafted ASP files. By uploading a malicious ASP file to the remote host, an attacker may be able to take complete control of the remote system.
last seen 2019-02-21
modified 2018-11-15
plugin id 22028
published 2006-07-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=22028
title MS06-034: Vulnerability in Microsoft IIS using ASP Could Allow Remote Code Execution (917537)
oval via4
accepted 2008-02-25T04:00:08.981-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Ken Lassesen
    organization Lumension Security, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft IIS 5.0 is installed
    oval oval:org.mitre.oval:def:731
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
description Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
family windows
id oval:org.mitre.oval:def:435
status accepted
submitted 2006-07-25T12:05:33
title Internet Information Services using Malformed Active Server Pages Vulnerability
version 34
refmap via4
bid 18858
bugtraq 20060718 ASP.DLL Include File Buffer Overflow
cert TA06-192A
cert-vn VU#395588
ms MS06-034
osvdb 27152
sectrack 1016466
secunia 21006
vupen ADV-2006-2752
xf iis-asp-bo(26796)
Last major update 07-03-2011 - 21:29
Published 11-07-2006 - 18:05
Last modified 30-10-2018 - 12:25