← back
CVE-2001-1243

CVE-2001-1243

EPSS 63.2%
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/20989unverifiedexploitdbwww.exploit-db.com/exploits/20991unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.iss.net/security_center/static/6800.phphttp://www.securityfocus.com/archive/1/194919http://www.securityfocus.com/bid/2973