Vulnerabilities > CVE-2002-0079 - Heap Overflow vulnerability in Microsoft products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

nessus

exploit available

NVD

Published: 2002-04-22

Updated: 2018-10-30

Summary

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0	2

Exploit-Db

description	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2). CVE-2002-0079. Remote exploit for windows platform
id	EDB-ID:21369
last seen	2016-02-02
modified	2002-04-14
published	2002-04-14
reporter	hsj
source	https://www.exploit-db.com/download/21369/
title	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 2

description	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (4). CVE-2002-0079. Remote exploit for windows platform
id	EDB-ID:21371
last seen	2016-02-02
modified	2002-04-24
published	2002-04-24
reporter	yuange
source	https://www.exploit-db.com/download/21371/
title	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 4

description	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (1). CVE-2002-0079. Remote exploit for windows platform
id	EDB-ID:21368
last seen	2016-02-02
modified	2002-04-10
published	2002-04-10
reporter	CHINANSL Security Team
source	https://www.exploit-db.com/download/21368/
title	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 1

description	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (3). CVE-2002-0079. Remote exploit for windows platform
id	EDB-ID:21370
last seen	2016-02-02
modified	2002-04-10
published	2002-04-10
reporter	NeMeS\|\|y
source	https://www.exploit-db.com/download/21370/
title	Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability 3

Nessus

NASL family	Web Servers
NASL id	IIS_ASP_OVERFLOW.NASL
description	There
last seen	2020-06-01
modified	2020-06-02
plugin id	10935
published	2002-04-10
reporter	This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10935
title	Microsoft IIS ASP ISAPI Filter Multiple Overflows

Oval

accepted

2007-05-23T15:05:30.089-04:00

class

vulnerability

contributors

name Tiffany Bergeron
organization The MITRE Corporation
name Glenn Strickland
organization Secure Elements, Inc.
name Josh Turpin
organization Symantec Corporation

description

family

windows

oval:org.mitre.oval:def:16

status

deprecated

submitted

2004-01-14T12:00:00.000-04:00

title

DEPRECATED: Windows NT IIS Chunked Encoding Buffer Overflow

version

accepted

2010-12-20T04:00:43.992-05:00

class

vulnerability

contributors

name Tiffany Bergeron
organization The MITRE Corporation
name Glenn Strickland
organization Secure Elements, Inc.
name Shane Shaffer
organization G2, Inc.
name Josh Turpin
organization Symantec Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:25

status

deprecated

submitted

2004-01-14T12:00:00.000-04:00

title

DEPRECATED: Windows 2000 IIS Chunked Encoding Buffer Overflow

version

Saint

bid	4485
description	Microsoft IIS ASP chunked encoding buffer overflow
id	web_server_iis_multiple
osvdb	768
title	iis_chunked_asp
type	remote

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

Saint

References