Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0026

4 documents4 sources

Severity

6.5MEDIUM

EPSS

90.1%

top 0.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedJul 11

Latest updateMay 1

Description

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server6.0

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-2w52-p6rg-2493: Buffer overflow in Microsoft Internet Information Services (IIS) 5↗2022-05-01

▶

CVEList

CVE-2006-0026: Buffer overflow in Microsoft Internet Information Services (IIS) 5↗2006-07-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS - ASP Stack Overflow (MS06-034)↗2006-07-21

▶