Vulnerability Details CVE-2001-0500
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.909
EPSS Ranking 99.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.cert.org/advisories/CA-2001-13.html
- http://www.ciac.org/ciac/bulletins/l-098.shtml
- http://www.iss.net/security_center/static/6705.php
- http://www.securityfocus.com/archive/1/191873
- http://www.securityfocus.com/bid/2880
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
- http://www.cert.org/advisories/CA-2001-13.html
- http://www.ciac.org/ciac/bulletins/l-098.shtml
- http://www.iss.net/security_center/static/6705.php
- http://www.securityfocus.com/archive/1/191873
- http://www.securityfocus.com/bid/2880
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
Products affected by CVE-2001-0500
-
cpe:2.3:a:microsoft:index_server:2.0
-
cpe:2.3:a:microsoft:indexing_service:-
-
cpe:2.3:a:microsoft:internet_information_server:6.0