Back to search
CVE-2001-1243
Published: May 3, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
iis-device-asp-dos(6800)
vdb-entry
x_refsource_XF
2973
vdb-entry
x_refsource_BID
20010704 NERF Advisory #4: MS IIS local and remote DoS
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now