Description
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Remediation
References
Related Vulnerabilities
PostgreSQL CVE-2021-32029 Vulnerability (CVE-2021-32029)
Claroline Other Vulnerability (CVE-2006-7048)
Moodle DEPRECATED: Code Vulnerability (CVE-2015-2270)
WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3062)