Buffer Overflow in ASP Data Transfer of Internet Information Server by Microsoft
CVE-2002-0147

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 22 April 2002

Summary

A buffer overflow vulnerability exists in the ASP data transfer mechanism of Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1. This flaw allows remote attackers to exploit the vulnerability, potentially leading to a denial of service or arbitrary code execution on affected systems. The vulnerability arises from improper handling of chunked data encoding, giving attackers the ability to craft malicious requests that can overflow the allocated buffer, causing significant disruptions or unauthorized access.

References

http://www.iss.net/security_center/static/8796.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/4490

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Mar 19, 2002