CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2815

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile31.35th
PublishedMay 22, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Internet Information Services

= 5.0

References & Advisories

πŸ”— http://osvdb.org/41091
πŸ”— http://securityreason.com/securityalert/2725
πŸ”— http://support.microsoft.com/kb/328832
πŸ”— http://www.securityfocus.com/archive/1/469238/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/24105
πŸ”— http://osvdb.org/41091
πŸ”— http://securityreason.com/securityalert/2725
πŸ”— http://support.microsoft.com/kb/328832

Related Vulnerabilities

CVE-2006-634610.0

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier...

CVE-2007-249410.0

Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers ...

CVE-2003-022410.0

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code vi...

CVE-2008-007510.0

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbi...