Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044)

This script is Copyright (C) 2001-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

There's a buffer overflow in the remote web server through
the ISAPI filter.

It is possible to overflow the remote web server and execute
commands as user SYSTEM.

Additionally, other vulnerabilities exist in the remote web
server since it has not been patched.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms01-033
http://technet.microsoft.com/en-us/security/bulletin/ms01-044

Solution :

Apply the patches from the bulletins above.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10685 (iis_isapi_overflow.nasl)

Bugtraq ID: 2690
2880
3190
3193
3194
3195

CVE ID: CVE-2001-0544
CVE-2001-0545
CVE-2001-0506
CVE-2001-0507
CVE-2001-0508
CVE-2001-0500