Vulnerabilities > CVE-2001-1243 - Local DoS vulnerability in Microsoft products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available
NVD
Published: 2001-07-04
Updated: 2018-10-30

Summary

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Exploit-Db

  • descriptionMicrosoft IIS 4.0/5.0 Device File Local DoS Vulnerability. CVE-2001-1243 . Dos exploit for windows platform
    idEDB-ID:20989
    last seen2016-02-02
    modified2001-07-04
    published2001-07-04
    reporterVIPER_SV
    sourcehttps://www.exploit-db.com/download/20989/
    titleMicrosoft IIS 4.0/5.0 Device File Local DoS Vulnerability
  • descriptionMicrosoft IIS 4.0/5.0 Device File Remote DoS Vulnerability. CVE-2001-1243. Dos exploit for windows platform
    idEDB-ID:20991
    last seen2016-02-02
    modified2001-07-04
    published2001-07-04
    reporterVIPER_SV
    sourcehttps://www.exploit-db.com/download/20991/
    titleMicrosoft IIS 4.0/5.0 Device File Remote DoS Vulnerability

References