Description

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Remediation

References

CVE-2001-0506

Related Vulnerabilities

WordPress Plugin The Events Calendar Cross-Site Scripting (3.0)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7890)

WordPress Plugin Zip Attachments Arbitrary File Download (1.4)

WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-48010)

Severity

High

Classification

CVE-2001-0506

Tags

Missing Update Known Vulnerabilities