header-logo
Suggest Exploit
vendor:
IIS
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: IIS
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: a:microsoft:iis
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

ASP ISAPI File Parser Buffer Overflow

The ASP ISAPI file parser does not properly execute certain malformed ASP files that contain scripts with the LANGUAGE parameter containing a buffer of over 2200 characters and have the RUNAT value set as 'server'. Depending on the data entered into the buffer, a denial of service attack could be launched or arbitrary code could be executed under the SYSTEM privilege level in the event that a malicious ASP file were locally executed on IIS.

Mitigation:

Ensure that the LANGUAGE parameter does not contain a buffer of over 2200 characters and that the RUNAT value is not set as 'server'.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1911/info

The ASP ISAPI file parser does not properly execute certain malformed ASP files that contain scripts with the LANGUAGE parameter containing a buffer of over 2200 characters and have the RUNAT value set as 'server'. Depending on the data entered into the buffer, a denial of service attack could be launched or arbitrary code could be executed under the SYSTEM privilege level in the event that a malicious ASP file were locally executed on IIS.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20383.zip

Navigation

Suggest Exploit

Services By CQR