Buffer Overflow in Microsoft IIS 4.0 and 5.0 Web Servers
CVE-2002-0364

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 3 July 2002

Summary

A buffer overflow vulnerability exists in the chunked encoding transfer mechanism in Microsoft Internet Information Services (IIS) versions 4.0 and 5.0. This flaw allows attackers to execute arbitrary code by exploiting HTR request sessions. Successful exploitation could lead to a complete compromise of the web server's integrity, offering unauthorized access to sensitive data and control over server operations. It is crucial for organizations using these IIS versions to apply relevant patches and mitigations to safeguard their systems.

References

http://www.securityfocus.com/bid/4855

vdb-entryx_refsource_BID

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.kb.cert.org/vuls/id/313819

third-party-advisoryx_refsource_CERT-VN

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
May 8, 2002