CVE-2001-0336

Internet Information Server < 5.0 - Denial of Service via Malformed Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0336. PoCs published by Nelson Bunker.

AI-analyzed exploit summary This exploit targets a denial of service vulnerability in IIS FTP servers by sending a specially crafted wildcard sequence in an FTP command, causing insufficient memory allocation. It uses the Net::FTP Perl module to establish an anonymous connection and trigger the DoS condition.

Description

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nelson Bunker · perldoswindows

https://www.exploit-db.com/exploits/20846

View Code ZIP pw:eip

This exploit targets a denial of service vulnerability in IIS FTP servers by sending a specially crafted wildcard sequence in an FTP command, causing insufficient memory allocation. It uses the Net::FTP Perl module to establish an anonymous connection and trigger the DoS condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft IIS FTP Server (pre-MS01-026 patch)

No auth needed

Prerequisites: Anonymous FTP access enabled on target server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6858

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/5693

Scores

EPSS 0.1594

EPSS Percentile 96.5%

Details

Status published

Products (1)

microsoft/internet_information_server < 5.0

Published Jun 27, 2001

Tracked Since Feb 18, 2026