Remote Code Execution Vulnerability in Microsoft IIS Product Line
CVE-2008-0075

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server
Vendor: CVE Published:; 12 February 2008

Summary

A flaw in Microsoft Internet Information Services (IIS) versions 5.1 and 6.0 allows remote attackers to execute arbitrary code on the server through specially crafted inputs sent to ASP pages. This vulnerability may lead to unauthorized system access and potential compromise of sensitive data.

References

http://www.vupen.com/english/advisories/2008/0508/references

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://marc.info/?l=bugtraq&m=120361015026386&w=2

vendor-advisoryx_refsource_HP

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 12, 2008
Vulnerability Reserved
Jan 3, 2008