Buffer Overflow Vulnerability in Microsoft Internet Information Services (IIS)
CVE-2006-0026

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server; Internet Information Services
Vendor: CVE Published:; 11 July 2006

Summary

A buffer overflow vulnerability exists in Microsoft Internet Information Services (IIS) versions 5.0, 5.1, and 6.0, which can be exploited by local and potentially remote attackers. This flaw arises from improper handling of Active Server Pages (ASP), allowing attackers to send specially crafted requests that can lead to arbitrary code execution on the affected server. To mitigate this risk, it is crucial for organizations to apply the relevant security patches and ensure their IIS configurations are secured against such intrusions.

References

http://archives.neohapsis.com/archives/bugtraq/2006-07/03...

mailing-listx_refsource_BUGTRAQ

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 11, 2006
Vulnerability Reserved
Nov 30, 2005