CVE-2001-0500

Name of the Vulnerable Software and Affected Versions: Index Server 2.0 and Indexing Service 2000 in IIS versions prior to 6.0

Description: A buffer overflow issue exists in the ISAPI extension idq.dll, allowing remote attackers to execute arbitrary commands. This is achieved by providing a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files, such as default.ida. This issue has been commonly exploited.

Recommendations: For Index Server 2.0 and Indexing Service 2000 in IIS versions prior to 6.0, consider disabling the idq.dll ISAPI extension as a temporary workaround until a patch is available. Restrict access to .ida and .idq files to minimize the risk of exploitation.