Denial of Service Vulnerability in Scripting.FileSystemObject for Microsoft IIS 4.0 and 5.0

Denial of Service Vulnerability in Scripting.FileSystemObject for Microsoft IIS 4.0 and 5.0

CVE-2001-1243 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Learn more about our Cis Benchmark Audit For Microsoft Iis.