Vulnerabilities > CVE-2000-1089 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Exploit-Db
description Microsoft IIS Phone Book Service Overflow. CVE-2000-1089. Remote exploit for windows platform id EDB-ID:16357 last seen 2016-02-01 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16357/ title Microsoft IIS Phone Book Service Overflow description Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow. CVE-2000-1089. Remote exploit for windows platform id EDB-ID:20460 last seen 2016-02-02 modified 2000-12-04 published 2000-12-04 reporter Alberto Solino source https://www.exploit-db.com/download/20460/ title Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
Metasploit
description | This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This module has only been tested against Windows 2000 SP1. |
id | MSF:EXPLOIT/WINDOWS/ISAPI/MS00_094_PBSERVER |
last seen | 2020-05-22 |
modified | 2017-11-08 |
published | 2008-08-10 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1089 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/isapi/ms00_094_pbserver.rb |
title | MS00-094 Microsoft IIS Phone Book Service Overflow |
Nessus
NASL family | CGI abuses |
NASL id | PHONEBOOK.NASL |
description | The CGI /pbserver/pbserver.dll is subject to a buffer overflow attack that may allow an attacker to execute arbitrary commands on this host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10564 |
published | 2000-12-06 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10564 |
title | Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/83175/ms00_094_pbserver.rb.txt |
id | PACKETSTORM:83175 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | patrick |
source | https://packetstormsecurity.com/files/83175/Microsoft-IIS-Phone-Book-Service-Overflow.html |
title | Microsoft IIS Phone Book Service Overflow |