PT-2002-1160 · Microsoft · IIS
Published: 2002-04-22 · Updated: 2018-10-30 · CVE-2002-0071
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Internet Information Server (IIS) versions 4.0 through 5.0
Description
A buffer overflow issue exists in the ism.dll ISAPI extension, which implements HTR scripting. This allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
Recommendations
For IIS versions 4.0 through 5.0, consider disabling the ism.dll ISAPI extension as a temporary workaround until a patch is available. Restrict access to HTR scripting to minimize the risk of exploitation. Avoid using long variable names in HTR requests until the issue is resolved.
Fix
Related Identifiers
Affected Products
IIS