Vulnerability Description
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Index Server | 2.0 |
| Microsoft | Indexing Service | All versions |
| Microsoft | Internet Information Server | <= 6.0 |
References
- http://www.cert.org/advisories/CA-2001-13.htmlExploitPatchThird Party Advisory
- http://www.ciac.org/ciac/bulletins/l-098.shtml
- http://www.iss.net/security_center/static/6705.php
- http://www.securityfocus.com/archive/1/191873
- http://www.securityfocus.com/bid/2880
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.cert.org/advisories/CA-2001-13.htmlExploitPatchThird Party Advisory
- http://www.ciac.org/ciac/bulletins/l-098.shtml
- http://www.iss.net/security_center/static/6705.php
- http://www.securityfocus.com/archive/1/191873
- http://www.securityfocus.com/bid/2880
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2001-0500?
CVE-2001-0500 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Inte...
How severe is CVE-2001-0500?
CVE-2001-0500 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0500?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Index Server, Microsoft Indexing Service, Microsoft Internet Information Server.