ID CVE-2008-0075
Summary Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:44)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-11-14T04:00:25.691-05:00
class vulnerability
contributors
  • name Jeff Ito
    organization Secure Elements, Inc.
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
description Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
family windows
id oval:org.mitre.oval:def:5308
status accepted
submitted 2008-02-14T10:00:19
title Internet Information Services Remote Code Execution Vulnerability
version 37
refmap via4
bid 27676
cert TA08-043C
hp
  • HPSBST02314
  • SSRT080016
ms MS08-006
sectrack 1019385
secunia 28893
vupen ADV-2008-0508
Last major update 12-10-2018 - 21:44
Published 12-02-2008 - 21:00
Back to Top