Date: Fri, 29 Mar 2024 09:14:49 -0400 (EDT) Message-ID: <1534715945.37.1711718089991@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_36_438300206.1711718089988" ------=_Part_36_438300206.1711718089988 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history is at the end of this file.
A vulnerability exists i= n Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder t= o run arbitrary code on the victim machine, allowing them to gain complete = administrative control of the machine.
A proof-of-concept exploit is = publicly available for this vulnerability, which increases the urgency that= system administrators apply the patch.
Microsoft has issued the f= ollowing bulletin regarding this vulnerability:
This vulnerability has been assigned the identifier CAN-2001-0241 by the= Common Vulnerabilities and Exposures (CVE) group:
Anyone who can reach a vul= nerable web server can execute arbitrary code in the Local System security = context, resulting in the intruder gaining complete control of the system. = Note that this may be significantly more serious than a simple "web defacem= ent."
A patch is available from Microsoft at
=
p>
Additional advice on securing IIS web servers is available from
The following documents r=
egarding this vulnerability are available from Microsoft:
Copyright 2001 Carnegie Mellon University.
Revision History
May 02, 2001: Initial Release