Summary
Microsoft IIS 4.0 and 5.0 are affected by a web server trasversal vulnerability.
This vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it,
including running programs on it.
Solution
There is not a new patch for this vulnerability. Instead, it is eliminated by the patch that accompanied Microsoft Security Bulletin MS00-057.
Download locations for this patch
Microsoft IIS 4.0:
http://support.microsoft.com/kb/269862/en-us
Microsoft IIS 5.0:
http://technet.microsoft.com/windowsserver/2000/default.aspx
Severity
Classification
-
CVE CVE-2000-0884 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Cumulative Security Update for Internet Explorer (961260)
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)