CVE-2002-0079

Exploitation Summary

EIP tracks 4 public exploits for CVE-2002-0079. PoCs published by yuange, hsj, NeMeS||y.

AI-analyzed exploit summary This exploit targets a heap overflow vulnerability in Microsoft IIS 4.0/5.0 via chunked encoding in ASP.dll. It includes shellcode to execute arbitrary commands, with configurable return addresses for different Windows versions.

Description

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Exploits (4)

exploitdb WORKING POC VERIFIED

by yuange · cremotewindows

https://www.exploit-db.com/exploits/21371

View Code ZIP pw:eip

This exploit targets a heap overflow vulnerability in Microsoft IIS 4.0/5.0 via chunked encoding in ASP.dll. It includes shellcode to execute arbitrary commands, with configurable return addresses for different Windows versions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft IIS 4.0, 5.0

No auth needed

Prerequisites: Network access to vulnerable IIS server · ASP.dll loaded on target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by hsj · cremotewindows

https://www.exploit-db.com/exploits/21369

View Code ZIP pw:eip

This exploit targets a heap overflow in Microsoft IIS 4.0/5.0 via chunked encoding in ASP, allowing remote code execution. It crafts a malicious HTTP request with shellcode to spawn a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft IIS 4.0, 5.0

No auth needed

Prerequisites: Network access to vulnerable IIS server · Default or exploitable ASP script (e.g., iisstart.asp)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by NeMeS||y · cremotewindows

https://www.exploit-db.com/exploits/21370

View Code ZIP pw:eip

This exploit targets a heap overflow vulnerability in Microsoft IIS 4.0 and 5.0 via chunked encoding transfer mechanism in Active Server Pages. It includes shellcode to achieve remote code execution (RCE) on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft IIS 4.0 and 5.0

No auth needed

Prerequisites: Network access to vulnerable IIS server · Chunked encoding enabled on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by CHINANSL Security Team · cremotewindows

https://www.exploit-db.com/exploits/21368

View Code ZIP pw:eip

This exploit targets a heap overflow in Microsoft IIS 4.0/5.0 via chunked encoding in ASP, allowing remote code execution. It sends a crafted POST request with shellcode to trigger the vulnerability and spawns a reverse shell on port 1111.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft IIS 4.0/5.0

No auth needed

Prerequisites: Network access to vulnerable IIS server · ASP enabled on the target

MITRE ATT&CK