CVE-2001-0506

Microsoft Internet Information Server - Buffer Overflow

Title source: rule

Description

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Indigo · clocalwindows

https://www.exploit-db.com/exploits/21071

View Code ZIP pw:eip

References (6)

[Mailing List] http://marc.info/?l=bugtraq&m=99802093532233&w=2

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/l-132.shtml

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/3190

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/242541

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6984

Scores

EPSS 0.7761

EPSS Percentile 99.0%

Details

Status published

Products (2)

microsoft/internet_information_server 4.0

microsoft/internet_information_services 5.0

Published Sep 20, 2001

Tracked Since Feb 18, 2026