CVE-2001-0500 - Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.

CVE-2001-0500

Summary

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:indexing_service:*:*:windows_2000:*:*:*:*:*
cpe:2.3:a:microsoft:indexing_service:*:*:windows_2000:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2011-05-16T04:02:11.628-04:00

class

vulnerability

contributors

name Tiffany Bergeron
organization The MITRE Corporation
name Tiffany Bergeron
organization The MITRE Corporation
name Glenn Strickland
organization Secure Elements, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:197

status

accepted

submitted

2004-01-14T12:00:00.000-04:00

title

IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)

version

refmap via4

bid	2880
bugtraq	20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
cert	CA-2001-13
ciac	L-098
xf	iis-isapi-idq-bo(6705)

Last major update

12-10-2018 - 21:30

Published

21-07-2001 - 04:00

Last modified

12-10-2018 - 21:30