IIS IDA-IDQ exploit v1.78

Vulnerability exploited: CVE-2001-0500 - BID-2880

Category: Exploits/Remote

A buffer overflow in idq.dll, distributed as an ISAPI extension for indexing services within Microsoft's Internet Information Server, is abused remotely to alter IIS' process stack, gaining control of the execution flow on the target host.
After successful exploitation a level0 agent will be installed. The process being exploited usually runs as the IUSR or IWAM user, an account created specifically for IIS to answer anonymous requests. If that is the case, the newly deployed agent will run as an unprivileged user. In most cases the RevertToSelf Win32 API call, available through the RevertToSelf module (see "RevertToSelf"), can be used to replace the current process access token with the saved one, usually SYSTEM, effectively gaining full control of the target host.

Supported Systems:
    Windows 2000 Advanced Server - sp0 (i386)
    Windows 2000 Advanced Server - sp2 (i386)
    Microsoft Index Server 2.0, installed by default with Microsoft IIS 4.0, on all Windows NT service packs up to 6, and possibly others depending on the target's configuration.
    Default installation of Windows 2000, which includes Microsoft Index Server 5.0 and Microsoft IIS 5.0, with service packs up to 2.


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.