CVE-2001-0500

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Published: Jul 21, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0500
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_server	-	6.0.x
microsoft / indexing_service	-	-
microsoft / index_server	2.0	2.0.x

http://www.cert.org/advisories/CA-2001-13.html
http://www.ciac.org/ciac/bulletins/l-098.shtml
http://www.iss.net/security_center/static/6705.php
http://www.securityfocus.com/archive/1/191873
http://www.securityfocus.com/bid/2880
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197

Vulnerability Database

289,599

CVE-2001-0500