IIS Printer exploit v1.47
Vulnerability exploited: CVE-2001-0241 - BID-2674
Category: Exploits/Remote
A buffer overflow condition is exploited in msw3prt.dll, a component of the Windows 2000 Internet printing ISAPI extension for Microsoft's IIS 5.0 server. After successful exploitation, a level0 agent will be installed. The process being exploited usually runs as an IUSR or IWAM user, accounts created specifically for IIS to answer anonymous requests. If this condition is present, the newly deployed agent will run as an unprivileged user. In most cases, the RevertToSelf Win32 API call, available through the RevertToSelf module (see "RevertToSelf"), can be used to replace the current process access token with the saved one, usually SYSTEM, thus effectively gaining full control of the target host.
Supported Systems: Windows 2000 Server - sp0 (i386), Windows 2000 Server - sp1 (i386), Windows 2000 Advanced Server - sp0 (i386), Windows 2000 Advanced Server - sp1 (i386)
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.