


Category:   Application (Web Server/CGI)  >   Microsoft Internet Information Server (IIS) Web Server
Vendors:   Microsoft
Microsoft's Internet Information Server's ASP Processor Can Be Crashed by Remote Users in Certain Situations
SecurityTracker Alert ID:  1001923
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 5 2001
Impact:   Denial of service via local system, Denial of service via network
Exploit Included:  Yes  
Version(s): IIS 4, 5
Description:   A vulnerability was reported in Microsoft Internet Information Server's ASP processor that allows remote users to cause the ASP processor to crash in certain situations.

NERF gr0up reported that opening and reading device files (e.g., com1, com2) using Scripting.FileSystemObject will crash the ASP processor (asp.dll).

A local user that has permissions to create .asp files can create ASP pages that will cause the ASP processor to crash.

If an ASP script reads user-specified files, a remote user can pass a device name as a file parameter to cause the ASP processor to crash, using a request such as:


An exploit is included in the Source Message.

Impact:   A local or remote user can cause the IIS ASP processor to crash, requiring the process to be restarted to return to normal operations.
Solution:   No vendor solution was available at the time of this entry. Authors of ASP scripts can check that a file exists before opening it with Scripting.FileSystemObject.
Vendor URL: (Links to External Site)
Cause:   Resource error, State error
Underlying OS:  Windows (NT), Windows (2000)
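
One way to apply the check recommended in the Solution field, as an added example that is not from SecurityTracker or the NERF advisory. It goes beyond the existence test by rejecting reserved device names outright; `BASE_DIR`, the `file` query parameter and `IsSafeFileName` are assumptions for illustration.

```vbscript
' Added example, not part of the advisory. Goes inside <% ... %> in an ASP page.
' BASE_DIR, the "file" parameter and IsSafeFileName are illustrative assumptions.
Const BASE_DIR = "D:\webdata\docs"   ' hypothetical folder holding readable files

' Accept only a plain "name.ext" and reject reserved device names.
Function IsSafeFileName(strName)
  Dim objRe
  IsSafeFileName = False
  Set objRe = New RegExp
  objRe.IgnoreCase = True
  ' Allow-list: no path separators, colons, spaces or trailing dots.
  objRe.Pattern = "^[a-z0-9_-]{1,64}\.[a-z0-9]{1,8}$"
  If Not objRe.Test(strName) Then Exit Function
  ' Windows maps device names to the device even with an extension (com1.txt).
  objRe.Pattern = "^(con|prn|aux|nul|com[0-9]|lpt[0-9])\."
  If objRe.Test(strName) Then Exit Function
  IsSafeFileName = True
End Function

Dim strFileName, strPath, objFSO, objFile
strFileName = Request.QueryString("file") & ""   ' force a string, "" if absent

If Not IsSafeFileName(strFileName) Then
  Response.Status = "400 Bad Request"
  Response.Write "Invalid file name."
Else
  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
  strPath = objFSO.BuildPath(BASE_DIR, strFileName)
  If objFSO.FileExists(strPath) Then
    Set objFile = objFSO.OpenTextFile(strPath, 1)   ' 1 = ForReading
    ' ReadAll raises an error on an empty file, so test the stream first.
    If Not objFile.AtEndOfStream Then
      Response.Write Server.HTMLEncode(objFile.ReadAll)
    End If
    objFile.Close
  Else
    Response.Status = "404 Not Found"
    Response.Write "File not found."
  End If
End If
```

Because the allow-list requires an extension and excludes colons, bare names such as `com1` or `com1:` are rejected before the device-name pattern is even consulted.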

Message History:   None.

 Source Message Contents

Subject:  NERF Advisory #4: MS IIS local and remote DoS

                              --== NERF gr0up security advisory #4 ==--  
                                  MS IIS local and remote DoS      

1. Vulnerable soft: IIS 4,5   

2. Description:
Opening and reading of device files (com1, com2, etc.) using Scripting.FileSystemObject will crash ASP-processor (asp.dll).
3. Local exploit:
If you have permission to create an .asp file, you can crash the ASP-processor.
4. Remote exploit:
Sometimes a filename is passed as an asp-script param, which opens and reads data from the file. Passing a device file as the param will
crash the asp-processor.
5. Solution:
Fix Scripting.FileSystemObject (have to check file for existing before opening).
6. ASP-Exploit:
  Dim strFileName, objFSO, objFile
  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
  strFileName = "com1"
  Set objFile = objFSO.OpenTextFile(strFileName)
  Response.Write objFile.ReadAll

for poor english
Found by buggzy (
NERF Security gr0up (, Russia, 2001 (c)

