MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
|
Bugtraq ID:
|
2708
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2001-0333
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
May 15 2001 12:00AM
|
|
Updated:
|
Jan 29 2007 08:18PM
|
|
Credit:
|
Discovered and posted to Bugtraq by Nsfocus Security Team <security@nsfocus.com> on May 15, 2001. Posted in a Microsoft Security Bulletin MS01-026.
|
|
Vulnerable:
|
Microsoft Windows NT 4.0 SP6a
+
Microsoft Windows NT Enterprise Server 4.0 SP6a
+
Microsoft Windows NT Enterprise Server 4.0 SP6a
+
Microsoft Windows NT Server 4.0 SP6a
+
Microsoft Windows NT Server 4.0 SP6a
+
Microsoft Windows NT Terminal Server 4.0 SP6a
+
Microsoft Windows NT Workstation 4.0 SP6a
+
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Personal Web Server 3.0
+
Microsoft NT Option Pack for NT 4.0 0
+
Microsoft NT Option Pack for NT 4.0 0
+
Microsoft Windows 95
+
Microsoft Windows 95
+
Microsoft Windows 98
+
Microsoft Windows 98
Microsoft Personal Web Server 1.0
-
Microsoft Windows 95
-
Microsoft Windows 95
Microsoft IIS 5.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
+
Microsoft Windows 2000 Advanced Server
+
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
+
Microsoft Windows 2000 Professional
+
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
+
Microsoft Windows 2000 Server
+
Microsoft Windows 2000 Server
Microsoft IIS 4.0
+
Cisco Building Broadband Service Manager (BBSM) 5.0
+
Cisco Building Broadband Service Manager (BBSM) 5.0
+
Cisco Call Manager 3.0
+
Cisco Call Manager 3.0
+
Cisco Call Manager 2.0
+
Cisco Call Manager 2.0
+
Cisco Call Manager 1.0
+
Cisco Call Manager 1.0
+
Cisco ICS 7750
+
Cisco ICS 7750
+
Cisco IP/VC 3540 Video Rate Matching Module
+
Cisco IP/VC 3540 Video Rate Matching Module
+
Cisco Unity Server 2.4
+
Cisco Unity Server 2.4
+
Cisco Unity Server 2.3
+
Cisco Unity Server 2.3
+
Cisco Unity Server 2.2
+
Cisco Unity Server 2.2
+
Cisco Unity Server 2.0
+
Cisco Unity Server 2.0
+
Cisco uOne 4.0
+
Cisco uOne 4.0
+
Cisco uOne 3.0
+
Cisco uOne 3.0
+
Cisco uOne 2.0
+
Cisco uOne 2.0
+
Cisco uOne 1.0
+
Cisco uOne 1.0
+
Hancom Hancom Office 2007 0
+
Hancom Hancom Office 2007 0
+
Microsoft BackOffice 4.5
+
Microsoft BackOffice 4.5
+
Microsoft Windows NT 4.0 Option Pack
+
Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 3.0
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP2
-
Microsoft Windows NT 4.0 SP2
-
Microsoft Windows NT 4.0 SP1
-
Microsoft Windows NT 4.0 SP1
-
Microsoft Windows NT 4.0
-
Microsoft Windows NT 4.0
|
|
|
|
Not Vulnerable:
|
|
|
