Microsoft

Internet Information Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-1899

  • EPSS 86.63%
  • Published 15.09.2010 19:00:18
  • Last modified 11.04.2025 00:51:21

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS...

8.5

CVE-2010-1256

  • EPSS 33.55%
  • Published 08.06.2010 20:30:02
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corr...

2.6

CVE-2003-1582

Exploit
  • EPSS 4.96%
  • Published 05.02.2010 22:30:02
  • Last modified 11.04.2025 00:51:21

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated...

9

CVE-2009-3023

Exploit
  • EPSS 77.22%
  • Published 31.08.2009 20:30:01
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, ...

7.2

CVE-2008-0074

  • EPSS 2.03%
  • Published 12.02.2008 21:00:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

10

CVE-2008-0075

  • EPSS 72.5%
  • Published 12.02.2008 21:00:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

7.5

CVE-2007-2897

  • EPSS 53.48%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physi...

7.8

CVE-2007-0087

  • EPSS 42.16%
  • Published 05.01.2007 18:28:00
  • Last modified 09.04.2025 00:30:58

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of ...

4.4

CVE-2006-6579

  • EPSS 0.19%
  • Published 15.12.2006 19:28:00
  • Last modified 09.04.2025 00:30:58

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write acces...

6.5

CVE-2006-0026

  • EPSS 90.12%
  • Published 11.07.2006 22:05:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).