Description
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by VIPER_SV · textdoswindows
https://www.exploit-db.com/exploits/20989
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/6800.php
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2973
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/194919
Scores
EPSS
0.2077
EPSS Percentile
95.7%
Details
Status
published
Products (2)
microsoft/internet_information_server
4.0
microsoft/internet_information_services
5.0
Published
Jul 04, 2001
Tracked Since
Feb 18, 2026