Summary
Microsoft IIS 4.0 and 5.0 are affected by a web server trasversal vulnerability.
This vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it,
including running programs on it.
Solution
There is not a new patch for this vulnerability. Instead, it is eliminated by the patch that accompanied Microsoft Security Bulletin MS00-057.
Download locations for this patch
Microsoft IIS 4.0:
http://support.microsoft.com/kb/269862/en-us
Microsoft IIS 5.0:
http://technet.microsoft.com/windowsserver/2000/default.aspx
Severity
Classification
-
CVE CVE-2000-0884 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ADODB.Stream object from Internet Explorer (KB870669)
- Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
- Active Directory Could Allow Remote Code Execution Vulnerability (957280)
- Microsoft DirectAccess Security Advisory (2862152)
- Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)