CVE-2007-2897

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

53.9%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: May 30, 2007 (6924 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.

CWE

NVD-CWE-Other

Affected Products

microsoft internet information server

References

🔗 archives.neohapsis.com 🔗 seclists.org 🔗 exchange.xforce.ibmcloud.com 🔗 archives.neohapsis.com 🔗 seclists.org

CVE-2007-2897

Vulnerability Report

Description

CWE

Affected Products

References