Vulnerabilities > CVE-2002-0079 - Heap Overflow vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2). CVE-2002-0079. Remote exploit for windows platform id EDB-ID:21369 last seen 2016-02-02 modified 2002-04-14 published 2002-04-14 reporter hsj source https://www.exploit-db.com/download/21369/ title Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 2 description Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (4). CVE-2002-0079. Remote exploit for windows platform id EDB-ID:21371 last seen 2016-02-02 modified 2002-04-24 published 2002-04-24 reporter yuange source https://www.exploit-db.com/download/21371/ title Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 4 description Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (1). CVE-2002-0079. Remote exploit for windows platform id EDB-ID:21368 last seen 2016-02-02 modified 2002-04-10 published 2002-04-10 reporter CHINANSL Security Team source https://www.exploit-db.com/download/21368/ title Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 1 description Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (3). CVE-2002-0079. Remote exploit for windows platform id EDB-ID:21370 last seen 2016-02-02 modified 2002-04-10 published 2002-04-10 reporter NeMeS||y source https://www.exploit-db.com/download/21370/ title Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 3
Nessus
NASL family | Web Servers |
NASL id | IIS_ASP_OVERFLOW.NASL |
description | There |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10935 |
published | 2002-04-10 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10935 |
title | Microsoft IIS ASP ISAPI Filter Multiple Overflows |
Oval
accepted 2007-05-23T15:05:30.089-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Josh Turpin organization Symantec Corporation
description Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. family windows id oval:org.mitre.oval:def:16 status deprecated submitted 2004-01-14T12:00:00.000-04:00 title DEPRECATED: Windows NT IIS Chunked Encoding Buffer Overflow version 29 accepted 2010-12-20T04:00:43.992-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Josh Turpin organization Symantec Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. family windows id oval:org.mitre.oval:def:25 status deprecated submitted 2004-01-14T12:00:00.000-04:00 title DEPRECATED: Windows 2000 IIS Chunked Encoding Buffer Overflow version 33
Saint
bid | 4485 |
description | Microsoft IIS ASP chunked encoding buffer overflow |
id | web_server_iis_multiple |
osvdb | 768 |
title | iis_chunked_asp |
type | remote |
References
- http://marc.info/?l=bugtraq&m=101846993304518&w=2
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8795.php
- http://www.kb.cert.org/vuls/id/610291
- http://www.securityfocus.com/bid/4485
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25