Oval Definition:	oval:org.mitre.oval:def:5308
Revision Date: 2011-11-14 Version: 22 Title: Internet Information Services Remote Code Execution Vulnerability Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2008-0075 Platform(s): Microsoft Windows Server 2003 Microsoft Windows XP Product(s): Microsoft Internet Information Server (IIS) 5.1 Microsoft Internet Information Server (IIS) 6.0 Definition Synopsis Vulnerable IIS 5.1 Microsoft Windows XP SP2 or later is installed AND Microsoft IIS 5.1 is installed AND Check if version of asp.dll is less than 5.1.2600.3291 OR Vulnerable IIS 6.0 Microsoft IIS 6.0 is installed AND Vulnerable OS Vulnerable Windows XP SP1 x64/Server 2003 SP1 x86/x64/ia-64 Windows XP SP1 x64/Server 2003 SP1 x86/x64/ia-64 Microsoft Windows XP Professional x64 Edition SP1 is installed OR Microsoft Windows Server 2003 SP1 (x86) is installed OR Microsoft Windows Server 2003 SP1 (x64) is installed OR Microsoft Windows Server 2003 SP1 for Itanium is installed AND the version of asp.dll is less than 6.0.3790.3050 OR Vulnerable Windows XP SP2 x64/Server 2003 SP2 x86/x64/ia-64 Windows XP SP2 x64/Server 2003 SP2 x86/x64/ia-64 Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of asp.dll is less than 6.0.3790.4195
BACK