CVE-2008-0075

Microsoft Internet Information Services 5.1-6.0 - Remote Code Execution via ASP Page Input

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

References (8)

Core 8
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0508/references
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5308
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=120361015026386&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28893
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019385
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27676

Scores

EPSS 0.5717
EPSS Percentile 99.0%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/internet_information_server 6.0 (2 CPE variants)
Published Feb 12, 2008
Tracked Since Feb 18, 2026