PT-2001-1710 · Microsoft · Iis+2

Published

2001-07-21

Updated

2025-03-14

CVE-2001-0500

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Index Server 2.0 and Indexing Service 2000 in IIS versions prior to 6.0

Description: A buffer overflow issue exists in the ISAPI extension idq.dll, allowing remote attackers to execute arbitrary commands. This is achieved by providing a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files, such as default.ida. This issue has been commonly exploited.

Recommendations: For Index Server 2.0 and Indexing Service 2000 in IIS versions prior to 6.0, consider disabling the idq.dll ISAPI extension as a temporary workaround until a patch is available. Restrict access to .ida and .idq files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0500

Affected Products

Iis

Index Server 2.0

Indexing Service 2000

PT-2001-1710 · Microsoft · Iis+2

CVE-2001-0500

Related Identifiers

Affected Products

References · 16