Details of VAR-200106-0035

ID

VAR-200106-0035

CVE

CVE-2001-0241

TITLE

Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)

Trust: 0.8

sources: CERT/CC: VU#516648

DESCRIPTION

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account

Trust: 4.77

sources: NVD: CVE-2001-0241 // CERT/CC: VU#516648 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // JVNDB: JVNDB-2001-000061 // BID: 2636

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	*	Trust: 1.0
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	advanced server (iis 5.0 when operating )	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	datacenter server (iis 5.0 when operating )	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	professional (iis 5.0 when operating )	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	server (iis 5.0 when operating )	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	-	version:	-	Trust: 0.6
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.101	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.51	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.49	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.48	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.47	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.46	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.45	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.44	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.43	Trust: 0.3
vendor:	rit	model:	research labs the bat! f	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.41	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.39	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.36	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.35	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.34	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.33	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.32	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.31	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.22	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.21	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.19	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.18	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.17	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.15	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.14	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.5	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.1	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.043	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.041	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.039	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.036	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.035	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.032	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.031	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.029	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.028	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.015	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.011	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	ne	version:	1.52	Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2636 // CNNVD: CNNVD-200106-123 // JVNDB: JVNDB-2001-000061 // NVD: CVE-2001-0241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0241
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#516648
value:	54.00
Trust: 0.8
CARNEGIE MELLON:	VU#601312
value:	9.98
Trust: 0.8
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
NVD:	CVE-2001-0241
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200106-123
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2001-0241
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#516648 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // CNNVD: CNNVD-200106-123 // JVNDB: JVNDB-2001-000061 // NVD: CVE-2001-0241

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2001-000061

PATCH

title:	MS01-023	url:	http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx	Trust: 0.8
title:	MS01-023	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS01-023.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2001-000061

EXTERNAL IDS

db:	BID	id:	2674	Trust: 3.2
db:	NVD	id:	CVE-2001-0241	Trust: 2.4
db:	CERT/CC	id:	VU#516648	Trust: 1.6
db:	OSVDB	id:	3323	Trust: 1.6
db:	BID	id:	2636	Trust: 1.1
db:	XF	id:	6347	Trust: 0.8
db:	BID	id:	2565	Trust: 0.8
db:	CERT/CC	id:	VU#601312	Trust: 0.8
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	JVNDB	id:	JVNDB-2001-000061	Trust: 0.8
db:	MS	id:	MS01-023	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:1068	Trust: 0.6
db:	CERT/CC	id:	CA-2001-10	Trust: 0.6
db:	BUGTRAQ	id:	20010501 WINDOWS 2000 IIS 5.0 REMOTE BUFFER OVERFLOW VULNERABILITY (REMOTE SYSTEM LEVEL ACCESS)	Trust: 0.6
db:	XF	id:	6485	Trust: 0.6
db:	CNNVD	id:	CNNVD-200106-123	Trust: 0.6

sources: CERT/CC: VU#516648 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2636 // CNNVD: CNNVD-200106-123 // JVNDB: JVNDB-2001-000061 // NVD: CVE-2001-0241

REFERENCES

url:	http://www.securityfocus.com/bid/2674	Trust: 3.2
url:	http://www.cert.org/advisories/ca-2001-10.html	Trust: 2.4
url:	http://www.securityfocus.com/advisories/3208	Trust: 1.6
url:	http://www.osvdb.org/3323	Trust: 1.6
url:	http://www.microsoft.com/technet/security/bulletin/ms01-023.asp	Trust: 1.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1068	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6485	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=98874912915948&w=2	Trust: 1.0
url:	http://www.eeye.com/html/research/advisories/ad20010501.html	Trust: 0.8
url:	http://www.microsoft.com/technet/security/iis5chk.asp	Trust: 0.8
url:	http://www.microsoft.com/technet/security/tools.asp	Trust: 0.8
url:	http://www.microsoft.com/downloads/release.asp?releaseid=29321	Trust: 0.8
url:	http://www.securityfocus.com/bid/2565	Trust: 0.8
url:	http://xforce.iss.net/static/6347.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0241	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0241	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/516648	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2	Trust: 0.6
url:	http://xforce.iss.net/static/6485.php	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1068	Trust: 0.6
url:	http://www.thebat.net	Trust: 0.3

CREDITS

Riley Hassell※ riley@eeye.com

Trust: 0.6

sources: CNNVD: CNNVD-200106-123

SOURCES

db:	CERT/CC	id:	VU#516648
db:	CERT/CC	id:	VU#601312
db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	BID	id:	2636
db:	CNNVD	id:	CNNVD-200106-123
db:	JVNDB	id:	JVNDB-2001-000061
db:	NVD	id:	CVE-2001-0241

LAST UPDATE DATE

2025-10-20T02:47:08.216000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#516648	date:	2001-06-26T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200106-123	date:	2005-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2001-000061	date:	2007-04-01T00:00:00
db:	NVD	id:	CVE-2001-0241	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#516648	date:	2001-05-02T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200106-123	date:	2001-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2001-000061	date:	2007-04-01T00:00:00
db:	NVD	id:	CVE-2001-0241	date:	2001-06-27T04:00:00