CVE-2000-1147

Microsoft IIS ISAPI ASP Parser - Buffer Overflow Code Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1147. PoCs published by Marc Maiffret.

AI-analyzed exploit summary The exploit describes a buffer overflow vulnerability in the ASP ISAPI file parser in IIS, where malformed ASP files with a LANGUAGE parameter exceeding 2200 characters and RUNAT set to 'server' can cause a denial of service or arbitrary code execution under SYSTEM privileges. The provided link points to a binary exploit, but the text itself is a technical description of the vulnerability.

Description

Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Marc Maiffret · textlocalwindows
https://www.exploit-db.com/exploits/20383

The exploit describes a buffer overflow vulnerability in the ASP ISAPI file parser in IIS, where malformed ASP files with a LANGUAGE parameter exceeding 2200 characters and RUNAT set to 'server' can cause a denial of service or arbitrary code execution under SYSTEM privileges. The provided link points to a binary exploit, but the text itself is a technical description of the vulnerability.

Classification
Writeup 90%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft IIS with ASP ISAPI file parser
No auth needed
Prerequisites: Ability to upload or execute a malformed ASP file on the target IIS server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/143070
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5510
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1911

Scores

EPSS 0.0788
EPSS Percentile 94.0%

Details

Status published
Products (1)
microsoft/internet_information_server 4.0
Published Jan 09, 2001
Tracked Since Feb 18, 2026