CVE-2006-0026

Internet Information Services 5.0-6.0 - Buffer Overflow via Crafted Active Server Pages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0026. PoCs published by cocoruder.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in Microsoft IIS ASP (CVE-2006-0026) by crafting a malicious ASP file with an overly long include directive. It includes shellcode to execute arbitrary commands (e.g., calc.exe) and is designed for Windows 2000 Server SP4 with IIS 5.0.

Description

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Exploits (1)

exploitdb WORKING POC VERIFIED

by cocoruder · clocalwindows

https://www.exploit-db.com/exploits/2056

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in Microsoft IIS ASP (CVE-2006-0026) by crafting a malicious ASP file with an overly long include directive. It includes shellcode to execute arbitrary commands (e.g., calc.exe) and is designed for Windows 2000 Server SP4 with IIS 5.0.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft IIS 5.0 (Windows 2000 Server SP4)

No auth needed

Prerequisites: Ability to upload a malicious ASP file to the target IIS server

MITRE ATT&CK