CyberSec.Space Logo
Back to CVE Browser

CVE-2001-0500

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile20.67th
PublishedJul 21, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Index Server

= 2.0
πŸ“¦
Microsoft

Indexing Service

All versions
πŸ“¦
Microsoft

Internet Information Server

<= 6.0

References & Advisories

πŸ”— http://www.cert.org/advisories/CA-2001-13.html
πŸ”— http://www.ciac.org/ciac/bulletins/l-098.shtml
πŸ”— http://www.iss.net/security_center/static/6705.php
πŸ”— http://www.securityfocus.com/archive/1/191873
πŸ”— http://www.securityfocus.com/bid/2880
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
πŸ”— http://www.cert.org/advisories/CA-2001-13.html

Related Vulnerabilities

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-101310.0

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arb...

CVE-2001-100910.0

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrar...

CVE-2004-089710.0

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows rem...