Sign-up

ID

VAR-200106-0035


CVE

CVE-2001-0241


TITLE

Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)

Trust: 0.8

sources: CERT/CC: VU#516648

DESCRIPTION

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources

Trust: 5.49

sources: NVD: CVE-2001-0241 // CERT/CC: VU#516648 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // JVNDB: JVNDB-2001-000061 // BID: 2565

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 2.4

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:advanced server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:datacenter server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:professional (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope:eqversion:server (iis 5.0 when operating )

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.6

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2565 // JVNDB: JVNDB-2001-000061 // CNNVD: CNNVD-200106-123 // NVD: CVE-2001-0241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0241
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#516648
value: 54.00

Trust: 0.8

CARNEGIE MELLON: VU#676552
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#555464
value: 4.25

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

NVD: CVE-2001-0241
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200106-123
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2001-0241
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#516648 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // JVNDB: JVNDB-2001-000061 // CNNVD: CNNVD-200106-123 // NVD: CVE-2001-0241

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000061

PATCH
title:MS01-023url:http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx
Trust: 0.8
title:MS01-023url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-023.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000061

EXTERNAL IDS
db:BIDid:2674
Trust: 3.2
db:NVDid:CVE-2001-0241
Trust: 2.4
db:CERT/CCid:VU#516648
Trust: 1.6
db:OSVDBid:3323
Trust: 1.6
db:BIDid:2565
Trust: 1.1
db:BIDid:2571
Trust: 0.8
db:XFid:6349
Trust: 0.8
db:CERT/CCid:VU#676552
Trust: 0.8
db:XFid:6347
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:BIDid:2599
Trust: 0.8
db:XFid:6350
Trust: 0.8
db:CERT/CCid:VU#555464
Trust: 0.8
db:XFid:6423
Trust: 0.8
db:BIDid:2636
Trust: 0.8
db:CERT/CCid:VU#310816
Trust: 0.8
db:JVNDBid:JVNDB-2001-000061
Trust: 0.8
db:MSid:MS01-023
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:1068
Trust: 0.6
db:CERT/CCid:CA-2001-10
Trust: 0.6
db:BUGTRAQid:20010501 WINDOWS 2000 IIS 5.0 REMOTE BUFFER OVERFLOW VULNERABILITY (REMOTE SYSTEM LEVEL ACCESS)
Trust: 0.6
db:XFid:6485
Trust: 0.6
db:CNNVDid:CNNVD-200106-123
Trust: 0.6
sources:
            
            
            CERT/CC: VU#516648 // 
            
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            BID: 2565 // 
            
            
            
            JVNDB: JVNDB-2001-000061 // 
            
            
            
            CNNVD: CNNVD-200106-123 // 
            
            
            
            NVD: CVE-2001-0241

REFERENCES
url:http://www.securityfocus.com/bid/2674
Trust: 3.2
url:http://www.securityfocus.com/advisories/3208
Trust: 2.4
url:http://www.cert.org/advisories/ca-2001-10.html
Trust: 2.4
url:http://www.osvdb.org/3323
Trust: 1.6
url:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Trust: 1.4
url:http://marc.info/?l=bugtraq&m=98874912915948&w=2
Trust: 1.0
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6485
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1068
Trust: 1.0
url:http://www.eeye.com/html/research/advisories/ad20010501.html
Trust: 0.8
url:http://www.microsoft.com/technet/security/iis5chk.asp
Trust: 0.8
url:http://www.microsoft.com/technet/security/tools.asp
Trust: 0.8
url:http://www.microsoft.com/downloads/release.asp?releaseid=29321
Trust: 0.8
url:http://www.securityfocus.com/bid/2571
Trust: 0.8
url:http://xforce.iss.net/static/6349.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 0.8
url:http://www.securityfocus.com/bid/2599
Trust: 0.8
url:http://xforce.iss.net/static/6350.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument
Trust: 0.8
url:http://www.securityfocus.com/bid/2636
Trust: 0.8
url:http://www.ritlabs.com/the_bat/index.html
Trust: 0.8
url:http://www.security.nnov.ru/search/news.asp?binid=1136
Trust: 0.8
url:http://xforce.iss.net/static/6423.php
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0241
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0241
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/516648
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Trust: 0.6
url:http://xforce.iss.net/static/6485.php
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1068
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#516648 // 
            
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            BID: 2565 // 
            
            
            
            JVNDB: JVNDB-2001-000061 // 
            
            
            
            CNNVD: CNNVD-200106-123 // 
            
            
            
            NVD: CVE-2001-0241

CREDITS
Riley Hassell※ riley@eeye.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200106-123

SOURCES
db:CERT/CCid:VU#516648
db:CERT/CCid:VU#676552
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#555464
db:CERT/CCid:VU#310816
db:BIDid:2565
db:JVNDBid:JVNDB-2001-000061
db:CNNVDid:CNNVD-200106-123
db:NVDid:CVE-2001-0241

LAST UPDATE DATE
2025-02-22T19:58:36.904000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#516648date:2001-06-26T00:00:00
db:CERT/CCid:VU#676552date:2001-07-26T00:00:00
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#555464date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:JVNDBid:JVNDB-2001-000061date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-123date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0241date:2019-04-30T14:27:13.710

SOURCES RELEASE DATE
db:CERT/CCid:VU#516648date:2001-05-02T00:00:00
db:CERT/CCid:VU#676552date:2001-07-23T00:00:00
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#555464date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:JVNDBid:JVNDB-2001-000061date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-123date:2001-05-01T00:00:00
db:NVDid:CVE-2001-0241date:2001-06-27T04:00:00