Summary
Microsoft IIS 4.0 and 5.0 are affected by a web server trasversal vulnerability.
This vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it,
including running programs on it.
Solution
There is not a new patch for this vulnerability. Instead, it is eliminated by the patch that accompanied Microsoft Security Bulletin MS00-057.
Download locations for this patch
Microsoft IIS 4.0:
http://support.microsoft.com/kb/269862/en-us
Microsoft IIS 5.0:
http://technet.microsoft.com/windowsserver/2000/default.aspx
Severity
Classification
-
CVE CVE-2000-0884 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (961260)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
- .NET JIT Compiler Vulnerability
- Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)