Microsoft · Internet Information Services · CVE-2003-0224
Name of the Vulnerable Software and Affected Versions:
Microsoft Internet Information Services (IIS) version 5.0
Description:
A buffer overflow issue in the ssinc.dll component allows local users to execute arbitrary code via a web page containing a Server Side Include (SSI) directive with a long filename.
Recommendations:
For Microsoft Internet Information Services (IIS) version 5.0, consider disabling the use of Server Side Include (SSI) directives until a patch is available to prevent exploitation of this issue.