CVE-2002-0149

Name of the Vulnerable Software and Affected Versions IIS versions 4.0 through 5.1

Description A buffer overflow issue in the ASP Server-Side Include Function allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Recommendations For IIS versions 4.0 through 5.1, consider restricting access to the ASP Server-Side Include Function until a patch is available. As a temporary workaround, limit the length of file names to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.