VAR-200106-0035
Vulnerability from variot - Updated: 2025-12-22 21:42Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "lotus",
"version": null
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "advanced server (iis 5.0 when operating )"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "datacenter server (iis 5.0 when operating )"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "professional (iis 5.0 when operating )"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "server (iis 5.0 when operating )"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.6"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.5"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.4"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.3"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.2"
},
{
"model": "domino",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "domino",
"scope": "ne",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "BID",
"id": "2599"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Riley Hassell\u203b riley@eeye.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2001-0241",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0241",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#516648",
"trust": 0.8,
"value": "54.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#676552",
"trust": 0.8,
"value": "10.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#601312",
"trust": 0.8,
"value": "9.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555464",
"trust": 0.8,
"value": "4.25"
},
{
"author": "NVD",
"id": "CVE-2001-0241",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-123",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516648"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. \nDIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0241"
},
{
"db": "CERT/CC",
"id": "VU#516648"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "BID",
"id": "2599"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2674",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2001-0241",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#516648",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "3323",
"trust": 1.6
},
{
"db": "BID",
"id": "2599",
"trust": 1.1
},
{
"db": "BID",
"id": "2571",
"trust": 0.8
},
{
"db": "XF",
"id": "6349",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#676552",
"trust": 0.8
},
{
"db": "XF",
"id": "6347",
"trust": 0.8
},
{
"db": "BID",
"id": "2565",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#601312",
"trust": 0.8
},
{
"db": "XF",
"id": "6350",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#555464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061",
"trust": 0.8
},
{
"db": "MS",
"id": "MS01-023",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1068",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2001-10",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010501 WINDOWS 2000 IIS 5.0 REMOTE BUFFER OVERFLOW VULNERABILITY (REMOTE SYSTEM LEVEL ACCESS)",
"trust": 0.6
},
{
"db": "XF",
"id": "6485",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516648"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "BID",
"id": "2599"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"id": "VAR-200106-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-12-22T21:42:10.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-023",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx"
},
{
"title": "MS01-023",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-023.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2674"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/advisories/3208"
},
{
"trust": 2.4,
"url": "http://www.cert.org/advisories/ca-2001-10.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/3323"
},
{
"trust": 1.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-023.asp"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1068"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98874912915948\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20010501.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/iis5chk.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/tools.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=29321"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2571"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6349.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2565"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6347.php"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2599"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6350.php"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0241"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0241"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/516648"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98874912915948\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6485.php"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1068"
},
{
"trust": 0.3,
"url": "http://www.lotus.com/home.nsf/welcome/domino"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#516648"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "BID",
"id": "2599"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#516648"
},
{
"db": "CERT/CC",
"id": "VU#676552"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "BID",
"id": "2599"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#516648"
},
{
"date": "2001-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-04-11T00:00:00",
"db": "BID",
"id": "2599"
},
{
"date": "2001-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"date": "2001-06-27T04:00:00",
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-06-26T00:00:00",
"db": "CERT/CC",
"id": "VU#516648"
},
{
"date": "2001-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#676552"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-04-11T00:00:00",
"db": "BID",
"id": "2599"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-123"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000061"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-0241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#516648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-123"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…