Oval Definition:	oval:org.mitre.oval:def:197
Revision Date: 2011-05-16 Version: 47 Title: IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red) Description: Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2001-0500 Platform(s): Microsoft Windows 2000 Product(s): Microsoft Internet Information Server (IIS) Definition Synopsis Software section IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\idq.dll version is less than 5.0.2195.3645 AND NOT Patch Q300972 Installed AND NOT Patch Q301625 Installed AND NOT Patch Q319733 Installed AND NOT Patch Q327696 Installed AND NOT Patch Q811114 Installed AND NOT Windows 2000 Security Roll-up 1 Installed AND NOT Win2K/XP/2003 service pack 3 (or later) is installed AND Configuration section idq.dll mapping exists
BACK