Vulnerabilities > Microsoft > Internet Information Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-7269 | Classic Buffer Overflow vulnerability in Microsoft Internet Information Server 6.0 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | 9.8 |
| 2008-02-12 | CVE-2008-0075 | Code Injection vulnerability in Microsoft Internet Information Server 6.0 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | 10.0 |
| 2001-07-21 | CVE-2001-0500 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | 10.0 |
| 1999-07-19 | CVE-1999-1011 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | 10.0 |
| 1999-02-09 | CVE-1999-0407 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | 10.0 |
| 1999-01-14 | CVE-1999-1376 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | 10.0 |