CVSS2: 6.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.963 High (Percentile: 99.5%)
Microsoft Internet Information Services (IIS) contains a buffer overflow vulnerability. This may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.
IIS
IIS is a web server that comes with Microsoft Windows.
ASP
ASP (Active Server Pages) is a technology for creating dynamic web sites. IIS includes the ability to serve ASP content.
The problem
IIS contains a buffer overflow in the handling of specially crafted ASP pages.
A remote, authenticated attacker may be able to run arbitrary code on a vulnerable system. This code would run with the privileges of IWAM_<machinename> on a system with IIS 5.0 and 5.1, and it would run with NetworkService privileges on a system with IIS 6.0.
Apply an update
This vulnerability is addressed by the updates provided by MS06-034.
VU#395588
Updated: July 11, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft Security Bulletin MS06-034.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
<http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx>
Thanks to Microsoft for reporting this vulnerability, who in turn credit Brett Moore of Security-Assessment.com.
This document was written by Will Dormann.
CVE IDs: | CVE-2006-0026 |
---|---|
Severity Metric: | 19.43 |
Date Public: | |