PT-2003-1443 · Microsoft · Internet Information Services

Ren Guang Yuan

Published

2003-05-30

Updated

2018-10-30

CVE-2003-0224

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) version 5.0

Description: A buffer overflow issue in the ssinc.dll component allows local users to execute arbitrary code via a web page containing a Server Side Include (SSI) directive with a long filename.

Recommendations: For Microsoft Internet Information Services (IIS) version 5.0, consider disabling the use of Server Side Include (SSI) directives until a patch is available to prevent exploitation of this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0224

Affected Products

Internet Information Services

PT-2003-1443 · Microsoft · Internet Information Services

CVE-2003-0224

Related Identifiers

Affected Products

References · 5