CVE-2000-0241
published 2000-03-21CVE-2000-0241: vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
PriorityP414medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.23%
65.2th percentile
vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vqsoft | vqserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
vqSoft vqServer 1.9.9 on Windows Config File server.cfg cleartext storage (Nessus ID 10354 / XFDB-4154)
vuldb·2026-04-21·CVSS 5.0
CVE-2000-0241 [MEDIUM] vqSoft vqServer 1.9.9 on Windows Config File server.cfg cleartext storage (Nessus ID 10354 / XFDB-4154)
A vulnerability, which was classified as problematic, was found in vqSoft vqServer 1.9.9 on Windows. This affects an unknown part of the file server.cfg of the component Config File Handler. The manipulation results in cleartext storage of sensitive information.
This vulnerability is reported as CVE-2000-0241. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
GHSA
GHSA-q9jx-r63x-g7f5: vqSoft vqServer stores sensitive information such as passwords in cleartext in the server
ghsa_unreviewed·2022-04-30
CVE-2000-0241 [MEDIUM] GHSA-q9jx-r63x-g7f5: vqSoft vqServer stores sensitive information such as passwords in cleartext in the server
vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
No detection rules found.
Exploit-DB
Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)
exploitdb·2010-04-30
CVE-2001-0241 Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)
Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)
---
##
# $Id: ms01_023_printer.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft IIS 5.0 Printer Host Header Overflow',
'Description' => %q{
This exploits a buffer overflow in the request processor of
the Internet Printing Protocol ISAPI module in IIS. This
module works against Windows 2000 service pack 0 and 1. If
the service stops responding after a successful compromise,
run the exploit a couple more times to completely k
Exploit-DB
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (3)
exploitdb·2005-02-02
CVE-2001-0241 Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (3)
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (3)
---
/*
source: https://www.securityfocus.com/bid/2674/info
Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
* If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overr
Exploit-DB
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (2)
exploitdb·2001-05-08
CVE-2001-0241 Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (2)
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (2)
---
/* IIS 5 remote .printer overflow. "jill.c" (don't ask).
*
* by: dark spyrit
*
* respect to eeye for finding this one - nice work.
* shouts to halvar, neofight and the beavuh bitchez.
*
* this exploit overwrites an exception frame to control eip and get to
* our code.. the code then locates the pointer to our larger buffer and
* execs.
*
* usage: jill
*
* the shellcode spawns a reverse cmd shell.. so you need to set up a
* netcat listener on the host you control.
*
* Ex: nc -l -p -vv
*
* I haven't slept in years.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int main(int argc, char *argv[]){
/* the whole request rolled into one, pretty huh?
Exploit-DB
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
exploitdb·2001-05-07
CVE-2001-0241 Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
Microsoft Windows Server 2000 SP1/SP2 - isapi .printer Extension Overflow (1)
---
/***********************************************************************
iishack 2000 - eEye Digital Security - 2001
This affects all unpatched windows 2000 machines with the .printer
isapi filter loaded. This is purely proof of concept.
Quick rundown of the exploit:
Eip overruns at position 260
i have 19 bytes of code to jump back to the beginning of the buffer.
(and a 4 byte eip jumping into a jmp esp located in mfc42.dll). The
jumpback was kinda weird, requiring a little forward padding to protect
the rest of the code.
The buffer itself:
Uou only have about 250ish bytes before the overflow(taking into
account the eip and jumpback), and like 211 after it. this makes
things tight. This is why i hardcode
Exploit-DB
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (2)
exploitdb·2001-05-01
CVE-2001-0241 Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (2)
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (2)
---
/*
source: https://www.securityfocus.com/bid/2674/info
Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
* If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overr
Exploit-DB
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (1)
exploitdb·2001-05-01
CVE-2001-0241 Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (1)
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (1)
---
#source: https://www.securityfocus.com/bid/2674/info
#Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
#* If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overr
Exploit-DB
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (4)
exploitdb·2001-05-01
CVE-2001-0241 Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (4)
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (4)
---
source: https://www.securityfocus.com/bid/2674/info
Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
* If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overridd
No writeups or analysis indexed.
2000-03-21
Published