CVE-2006-0026

Microsoft IIS <6.0 - RCE

Title source: llm

Description

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Exploits (1)

exploitdb WORKING POC VERIFIED

by cocoruder · clocalwindows

https://www.exploit-db.com/exploits/2056

View Code ZIP pw:eip

References (11)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html

[Patch, Vendor Advisory] http://secunia.com/advisories/21006

[Patch] http://securitytracker.com/id?1016466

[Patch, US Government Resource] http://www.kb.cert.org/vuls/id/395588

[Patch] http://www.securityfocus.com/bid/18858

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-192A.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26796

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034

[Third Party Advisory, VDB Entry] http://www.osvdb.org/27152

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2752

Scores

EPSS 0.9012

EPSS Percentile 99.6%

Details

Status published

Products (2)

microsoft/internet_information_server 6.0

microsoft/internet_information_services 5.0

Published Jul 11, 2006

Tracked Since Feb 18, 2026