返回 CVE 浏览器

CVE-2001-0500

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0830%

EPSS Percentile20.67th

Published2001年7月21日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Affected Platforms (CPE)

📦

Microsoft

Index Server

= 2.0

📦

Microsoft

Indexing Service

All versions

📦

Microsoft

Internet Information Server

<= 6.0

References & Advisories

🔗 http://www.cert.org/advisories/CA-2001-13.html

🔗 http://www.ciac.org/ciac/bulletins/l-098.shtml

🔗 http://www.iss.net/security_center/static/6705.php

🔗 http://www.securityfocus.com/archive/1/191873

🔗 http://www.securityfocus.com/bid/2880

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197

🔗 http://www.cert.org/advisories/CA-2001-13.html

相关漏洞威胁

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-101310.0

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arb...

CVE-2001-100910.0

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrar...

CVE-2004-089710.0

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows rem...