CVE-2000-1147
Microsoft IIS ISAPI ASP Parser - Buffer Overflow Code Execution
Title source: manualExploitation Summary
EIP tracks 1 public exploit for CVE-2000-1147. PoCs published by Marc Maiffret.
AI-analyzed exploit summary The exploit describes a buffer overflow vulnerability in the ASP ISAPI file parser in IIS, where malformed ASP files with a LANGUAGE parameter exceeding 2200 characters and RUNAT set to 'server' can cause a denial of service or arbitrary code execution under SYSTEM privileges. The provided link points to a binary exploit, but the text itself is a technical description of the vulnerability.
Description
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
Exploits (1)
The exploit describes a buffer overflow vulnerability in the ASP ISAPI file parser in IIS, where malformed ASP files with a LANGUAGE parameter exceeding 2200 characters and RUNAT set to 'server' can cause a denial of service or arbitrary code execution under SYSTEM privileges. The provided link points to a binary exploit, but the text itself is a technical description of the vulnerability.