Published: 04/07/2001 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Internet Information Server

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote malicious users to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet information server 4.0
microsoft internet information services 5.0

source: wwwsecurityfocuscom/bid/2973/info Microsoft IIS is prone to denial of service attacks by local users This issue is exploitable if the local attacker can create an asp file which makes calls to various devices names The local attacker must of course possess the privileges required to create such files The end result of exploit ...

source: wwwsecurityfocuscom/bid/2977/info Microsoft IIS is prone to denial of service attacks by remote attackers This can occur if the remote attack crafts a URL which tries to pass a script parameter that is a device name The end result of exploiting this vulnerability is that the server will crash and a denial of services will occur ...

NVD-CWE-Other http://www.iss.net/security_center/static/6800.php http://www.securityfocus.com/bid/2973 http://www.securityfocus.com/archive/1/194919 https://nvd.nist.gov https://www.exploit-db.com/exploits/20989/

CVE-2001-1243

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect