Vulnerabilities > CVE-2001-0500 - Buffer Overflow vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (2). CVE-2001-0500. Remote exploit for windows platform id EDB-ID:20931 last seen 2016-02-02 modified 2001-06-21 published 2001-06-21 reporter hsj source https://www.exploit-db.com/download/20931/ title Microsoft Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow 2 description MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (4). CVE-2001-0500. Remote exploit for windows platform id EDB-ID:20933 last seen 2016-02-02 modified 2001-06-18 published 2001-06-18 reporter blackangels source https://www.exploit-db.com/download/20933/ title Microsoft Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow 4 description Microsoft IIS 5.0 IDQ Path Overflow. CVE-2001-0500. Remote exploit for windows platform id EDB-ID:16472 last seen 2016-02-01 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16472/ title Microsoft IIS 5.0 IDQ Path Overflow description MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (1). CVE-2001-0500. Dos exploit for windows platform id EDB-ID:20930 last seen 2016-02-02 modified 2001-06-18 published 2001-06-18 reporter Ps0 source https://www.exploit-db.com/download/20930/ title Microsoft Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow 1 description MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (3). CVE-2001-0500. Remote exploit for windows platform id EDB-ID:20932 last seen 2016-02-02 modified 2001-06-18 published 2001-06-18 reporter mat source https://www.exploit-db.com/download/20932/ title Microsoft Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow 3
Metasploit
description | This module exploits a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server. |
id | MSF:EXPLOIT/WINDOWS/IIS/MS01_033_IDQ |
last seen | 2020-05-22 |
modified | 2017-07-24 |
published | 2006-09-13 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0500 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/iis/ms01_033_idq.rb |
title | MS01-033 Microsoft IIS 5.0 IDQ Path Overflow |
Nessus
NASL family | Web Servers |
NASL id | IIS_ISAPI_OVERFLOW.NASL |
description | There |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10685 |
published | 2001-06-19 |
reporter | This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10685 |
title | Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044) |
code |
|
Oval
accepted | 2011-05-16T04:02:11.628-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
description | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:197 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2004-01-14T12:00:00.000-04:00 | ||||||||||||||||||||||||
title | IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red) | ||||||||||||||||||||||||
version | 70 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82956/ms01_033_idq.rb.txt |
id | PACKETSTORM:82956 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | MC |
source | https://packetstormsecurity.com/files/82956/Microsoft-IIS-5.0-IDQ-Path-Overflow.html |
title | Microsoft IIS 5.0 IDQ Path Overflow |
References
- http://www.cert.org/advisories/CA-2001-13.html
- http://www.ciac.org/ciac/bulletins/l-098.shtml
- http://www.iss.net/security_center/static/6705.php
- http://www.securityfocus.com/archive/1/191873
- http://www.securityfocus.com/bid/2880
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197