Vulnerability Name:

CVE-2001-0241 (CCN-6485)

Assigned:2001-05-01
Published:2001-05-01
Updated:2019-04-30
Summary:Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Tue May 01 2001 - 15:15:10 CDT
Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)

Source: CCN
Type: BugTraq Mailing List, Tue May 01 2001 - 20:57:42 CDT
Re: Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)

Source: CCN
Type: BugTraq Mailing List, Thu May 03 2001 - 06:08:38 CDT
IIS 5 remote exploit.

Source: CCN
Type: BugTraq Mailing List, Thu May 03 2001 - 07:09:07 CDT
How to remove .printer mapping (WAS RE: Permanently remove IIS pr inter mapping)

Source: CCN
Type: BugTraq Mailing List, Wed May 02 2001 - 22:04:43 CDT
Re: Permanently remove iis printer mapping

Source: CCN
Type: BugTraq Mailing List, Sun May 13 2001 - 08:12:02 CDT
IIS5 .printer exploit ported to perl and win32

Source: MITRE
Type: CNA
CVE-2001-0241

Source: BUGTRAQ
Type: UNKNOWN
20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)

Source: CCN
Type: CERT Advisory CA-2001-10
Buffer Overflow Vulnerability in Microsoft IIS 5.0

Source: CERT
Type: US Government Resource
CA-2001-10

Source: CCN
Type: CIAC Information Bulletin L-078
Microsoft Unchecked Buffer in ISAPI Extension

Source: CCN
Type: eEye Digital Security Team Alert AD20010501
Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)

Source: CCN
Type: Internet Security Systems Security Alert #75
Remote IIS ISAPI Printer Extension Buffer Overflow

Source: CCN
Type: US-CERT VU#516648
Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)

Source: CCN
Type: Microsoft Security Bulletin MS01-023
Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server

Source: CCN
Type: Microsoft Technet
Secure Internet Information Services 5 Checklist

Source: CCN
Type: National Infrastructure Protection Center Advisory 01-011
"Buffer Overflow Vulnerability in Microsoft's Internet Information Services (IIS) 5.0"

Source: OSVDB
Type: UNKNOWN
3323

Source: CCN
Type: OSVDB ID: 3323
Microsoft IIS ISAPI .printer Extension Host Header Overflow

Source: BID
Type: Exploit, Patch, Vendor Advisory
2674

Source: CCN
Type: BID-2674
Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS01-023

Source: XF
Type: UNKNOWN
iis-isapi-printer-bo(6485)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1068

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database
MS01-023 Microsoft IIS 5.0 Printer Host Header Overflow

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:::~~advanced_server~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::~~datacenter_server~~~:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:1068 | V | Windows 2000 Internet Printing ISAPI Extension Buffer Overflow | 2011-05-16
    microsoft windows 2000 *
    microsoft internet information server 5.0
    microsoft windows 2000