CVE-2001-1243

Published: Jul 4, 2001Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Affected (2)

Products: Microsoft: Internet Information Server, Internet Information Services

2 products

Internet Information Server

Internet Information Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0

References (6)

http://www.iss.net/security_center/static/6800.php

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/194919

Source: cve@mitre.org

http://www.securityfocus.com/bid/2973

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.iss.net/security_center/static/6800.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/194919

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/2973

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.