Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1243

5 documents4 sources
Severity
5.0MEDIUM
EPSS
20.8%
top 4.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedJul 4
Latest updateApr 30

Description

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-385r-ghm4-jjf9: Scripting2022-04-30
CVEList
CVE-2001-1243: Scripting2002-05-03

💥Exploits & PoCs

2
Exploit-DB
Microsoft IIS 4.0/5.0 - Device File Local Denial of Service2001-07-04
Exploit-DB
Microsoft IIS 4.0/5.0 - Device File Remote Denial of Service2001-07-04
CVE-2001-1243 (MEDIUM CVSS 5) | Scripting.FileSystemObject in asp.d | cvebase.io