CVE-2001-0500

EXPLOITED

Microsoft Index Server < 6.0 - Buffer Overflow

Title source: rule

Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16472
exploitdb WORKING POC VERIFIED
by hsj · cremotewindows
https://www.exploit-db.com/exploits/20931
exploitdb WORKING POC VERIFIED
by blackangels · perlremotewindows
https://www.exploit-db.com/exploits/20933
exploitdb WORKING POC VERIFIED
by mat · bashremotewindows
https://www.exploit-db.com/exploits/20932
exploitdb WORKING POC VERIFIED
by Ps0 · cdoswindows
https://www.exploit-db.com/exploits/20930
metasploit WORKING POC GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms01_033_idq.rb

References (7)

Scores

EPSS 0.9071
EPSS Percentile 99.6%

Details

VulnCheck KEV 2001-07-19
Status published
Products (3)
microsoft/indexing_service
microsoft/index_server 2.0
microsoft/internet_information_server < 6.0
Published Jul 21, 2001
Tracked Since Feb 18, 2026