Vulnerabilities > Microsoft > Internet Information Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-01-15 | CVE-2003-1566 | Configuration vulnerability in Microsoft Internet Information Services 5.0 Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | 5.0 |
| 2008-10-15 | CVE-2008-1446 | Integer Overflow OR Wraparound vulnerability in Microsoft Internet Information Services Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | 9.0 |
| 2008-09-29 | CVE-2008-4300 | Unspecified vulnerability in Microsoft Internet Information Services A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. | 5.0 |
| 2008-02-12 | CVE-2008-0074 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | 7.2 |
| 2007-05-22 | CVE-2007-2815 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Information Services 5.0 The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | 10.0 |
| 2006-12-15 | CVE-2006-6579 | Unspecified vulnerability in Microsoft products Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. local microsoft | 4.4 |
| 2006-12-15 | CVE-2006-6578 | Unspecified vulnerability in Microsoft Internet Information Services 5.1 Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. | 7.5 |
| 2006-07-11 | CVE-2006-0026 | Unspecified vulnerability in Microsoft products Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). | 6.5 |
| 2005-12-20 | CVE-2005-4360 | Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1 The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". | 7.8 |
| 2005-08-23 | CVE-2005-2678 | Unspecified vulnerability in Microsoft products Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | 5.0 |