Oval Definition:	oval:org.mitre.oval:def:483
Revision Date: 2011-05-16 Version: 21 Title: IIS Server Side Include Web Pages Buffer Overrun Description: Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2003-0224 Platform(s): Microsoft Windows 2000 Product(s): Microsoft Internet Information Server (IIS) Definition Synopsis Software section IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\inetsrv\ssinc.dll version is less than 5.0.2195.6624 AND NOT Patch Q811114 Installed AND NOT SP4 or later Installed AND Configuration section SmartHTML interpreter is enabled
BACK