CVE-2001-1243 Information

Description

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Reference

http://www.iss.net/security_center/static/6800.php http://www.securityfocus.com/archive/1/194919 http://www.securityfocus.com/bid/2973