ID

VAR-200107-0105


CVE

CVE-2001-1243


TITLE

Microsoft IIS Device File Local Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200107-051

DESCRIPTION

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. Microsoft IIS is prone to denial of service attacks by local users. This issue is exploitable if the local attacker can create an .asp file which makes calls to various device names. The local attacker must of course possess the privileges required to create such files. The end result of exploiting this vulnerability is that the server will crash and a denial of service will occur. The affected services must be restarted to regain normal functionality.

Trust: 1.17

sources: NVD: CVE-2001-1243 // BID: 2973

AFFECTED PRODUCTS

vendor: microsoft, model: internet information server, scope: eq, version: 4.0

Trust: 1.6

vendor: microsoft, model: internet information services, scope: eq, version: 5.0

Trust: 1.6

vendor: microsoft, model: internet information server, scope: eq, version: 5.0

Trust: 0.6

vendor: microsoft, model: iis, scope: eq, version: 5.0

Trust: 0.3

vendor: microsoft, model: iis, scope: eq, version: 4.0

Trust: 0.3

sources: BID: 2973 // CNNVD: CNNVD-200107-051 // NVD: CVE-2001-1243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1243
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200107-051
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2001-1243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200107-051 // NVD: CVE-2001-1243

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-051

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200107-051

EXTERNAL IDS

db: NVD, id: CVE-2001-1243

Trust: 1.9

db: BID, id: 2973

Trust: 1.9

db: XF, id: 6800

Trust: 0.6

db: BUGTRAQ, id: 20010704 NERF ADVISORY #4: MS IIS LOCAL AND REMOTE DOS

Trust: 0.6

db: CNNVD, id: CNNVD-200107-051

Trust: 0.6

sources: BID: 2973 // CNNVD: CNNVD-200107-051 // NVD: CVE-2001-1243

REFERENCES

url:http://www.securityfocus.com/bid/2973

Trust: 1.6

url:http://www.securityfocus.com/archive/1/194919

Trust: 1.6

url:http://www.iss.net/security_center/static/6800.php

Trust: 1.6

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/iischk.asp

Trust: 0.3

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/tips/iis5chk.asp

Trust: 0.3

sources: BID: 2973 // CNNVD: CNNVD-200107-051 // NVD: CVE-2001-1243

CREDITS

This vulnerability was submitted to BugTraq on July 4th, 2001 by VIPER_SV /nerf/team/ <hax@r.dot> of NERF Security gr0up.

Trust: 0.3

sources: BID: 2973

SOURCES

db: BID, id: 2973
db: CNNVD, id: CNNVD-200107-051
db: NVD, id: CVE-2001-1243

LAST UPDATE DATE

2024-08-14T15:36:15.385000+00:00


SOURCES UPDATE DATE

db: BID, id: 2973, date: 2009-07-11T06:56:00
db: CNNVD, id: CNNVD-200107-051, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2001-1243, date: 2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db: BID, id: 2973, date: 2001-07-04T00:00:00
db: CNNVD, id: CNNVD-200107-051, date: 2001-07-04T00:00:00
db: NVD, id: CVE-2001-1243, date: 2001-07-04T04:00:00