Vulnerabilities > Microsoft > Internet Information Services > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-04-22 | CVE-2002-0149 | Unspecified vulnerability in Microsoft products Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | 7.5 |
| 2002-04-22 | CVE-2002-0148 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | 7.5 |
| 2002-04-22 | CVE-2002-0147 | Unspecified vulnerability in Microsoft products Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | 7.5 |
| 2002-04-22 | CVE-2002-0079 | Heap Overflow vulnerability in Microsoft products Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | 7.5 |
| 2002-04-22 | CVE-2002-0075 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | 7.5 |
| 2002-04-22 | CVE-2002-0074 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | 7.5 |
| 2002-04-22 | CVE-2002-0071 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | 7.5 |
| 2001-11-20 | CVE-2001-0902 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | 7.5 |
| 2001-09-20 | CVE-2001-0507 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |
| 2001-09-20 | CVE-2001-0506 | Buffer Overrun Privelege Elevation vulnerability in Microsoft products Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | 7.2 |