CVE-2001-0500

EXPLOITED

Index Server and Indexing Service - Remote Code Execution via Long Argument to ISAPI Extension

Title source: llm

Exploitation Summary

CVE-2001-0500 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including Metasploit, hsj, and blackangels; among them is the Metasploit module exploits/windows/iis/ms01_033_idq.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server (CVE-2001-0500). It crafts a malicious HTTP GET request with a long string to trigger the overflow and execute arbitrary shellcode.

Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16472

This exploit targets a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server (CVE-2001-0500). It crafts a malicious HTTP GET request with a long string to trigger the overflow and execute arbitrary shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 5.0 with Index Server
No auth needed
Prerequisites: Network access to vulnerable IIS server · Target running Windows 2000 Pro (SP0, SP1, or SP2)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by hsj · c · remote · windows
https://www.exploit-db.com/exploits/20931

This exploit targets CVE-2001-0500, a buffer overflow in the 'idq.dll' ISAPI extension of Microsoft IIS Index Server/Indexing Service. It crafts a malicious HTTP request to execute arbitrary code in the Local System context, leveraging a jmp/call ebx technique and shellcode to establish a reverse connection.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 4.0/5.0 with Index Server/Indexing Service
No auth needed
Prerequisites: IIS with Index Server/Indexing Service installed · Network access to target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by blackangels · perl · remote · windows
https://www.exploit-db.com/exploits/20933

This exploit targets multiple Cisco vulnerabilities, including buffer overflows and DoS attacks. It is designed to test for and exploit vulnerabilities in Cisco IOS and other Cisco products.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Cisco IOS and other Cisco products
No auth needed
Prerequisites: Network access to the target device · Perl environment
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by mat · bash · remote · windows
https://www.exploit-db.com/exploits/20932

This exploit targets CVE-2001-0500, a buffer overflow in the 'idq.dll' ISAPI extension of Windows Index Server/Indexing Service. It sends a maliciously crafted HTTP GET request to execute arbitrary shellcode, potentially granting Local System access.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Index Server/Indexing Service (IIS 4.0/5.0)
No auth needed
Prerequisites: Target running vulnerable IIS with idq.dll installed · Network access to port 80
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Ps0 · c · dos · windows
https://www.exploit-db.com/exploits/20930

This exploit targets an unchecked buffer vulnerability in the 'idq.dll' ISAPI extension of Windows Index Server/Indexing Service. It sends a maliciously crafted HTTP GET request with a long string of 'A' characters to trigger a buffer overflow, leading to a Denial of Service (DoS).

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft IIS with Index Server/Indexing Service (idq.dll)
No auth needed
Prerequisites: IIS with idq.dll installed · Network access to the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms01_033_idq.rb

This Metasploit module exploits a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server (CVE-2001-0500). It crafts a malicious HTTP GET request to trigger the vulnerability and execute arbitrary payloads on vulnerable Windows 2000 systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft IIS 5.0 with Index Server on Windows 2000
No auth needed
Prerequisites: Network access to vulnerable IIS server · Target running Windows 2000 with Index Server
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/191873
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2880
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/l-098.shtml
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/6705.php
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
Exploit, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2001-13.html

Scores

EPSS 0.9019
EPSS Percentile 99.6%

Details

VulnCheck KEV 2001-07-19
Status published
Products (3)
microsoft/index_server 2.0
microsoft/indexing_service
microsoft/internet_information_server < 6.0
Published Jul 21, 2001
Tracked Since Feb 18, 2026