Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0500

11 documents6 sources

Severity

10.0CRITICAL

EPSS

90.7%

top 0.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Index Server

Timeline

PublishedJul 21

Latest updateApr 30

Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server6.0

▶NVDmicrosoft/index_server2.0

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-gcxg-pq25-8wh2: Buffer overflow in ISAPI extension (idq↗2022-04-30

▶

CVEList

CVE-2001-0500: Buffer overflow in ISAPI extension (idq↗2002-03-09

▶

VulnCheck

Microsoft index_server Out-of-bounds Write↗2001

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)↗2010-06-15

▶

Exploit-DB

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)↗2001-06-21

▶

Exploit-DB

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)↗2001-06-18

▶

Exploit-DB

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)↗2001-06-18

▶

Exploit-DB

Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)↗2001-06-18

▶

💬Community

Bugzilla

CVE-2005-2933 imap buffer overflow↗2006-03-05

▶