IIS ASP Server-Side Include exploit v1.38 Vulnerability exploited: CVE-2002-0149 - BID-4478 Category: Exploits/Local Gets SYSTEM privileges under Windows 2000 Servers using IIS. There is an exploitable buffer overflow in the SSINC.DLL file used by Microsoft IIS 5.0. The problem is triggered while including long enough filenames in any ASP file. Supported Systems: Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp1 (i386) Windows 2000 Advanced Server - sp2 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.