ID CVE-2006-0026
Summary Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
oval via4
accepted 2008-02-25T04:00:08.981-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Ken Lassesen
    organization Lumension Security, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft IIS 5.0 is installed
    oval oval:org.mitre.oval:def:731
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
description Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
family windows
id oval:org.mitre.oval:def:435
status accepted
submitted 2006-07-25T12:05:33
title Internet Information Services using Malformed Active Server Pages Vulnerability
version 40
refmap via4
bid 18858
bugtraq 20060718 ASP.DLL Include File Buffer Overflow
cert TA06-192A
cert-vn VU#395588
osvdb 27152
sectrack 1016466
secunia 21006
vupen ADV-2006-2752
xf iis-asp-bo(26796)
Last major update 30-10-2018 - 16:25
Published 11-07-2006 - 22:05
Last modified 30-10-2018 - 16:25
Back to Top