Reported June 18, 2001, by Microsoft.



  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Services 5.0

  • Microsoft Internet Information Service XP beta


A vulnerability exists in Microsoft Index Server that can let an attacker execute code under the system security context and take any action on the server, including assuming full control of the server. This vulnerability stems from an unchecked buffer in the Index Server Internet Server API (ISAPI) extension idq.dll, which provides support for administration scripts. The buffer overrun condition occurs before any indexing is requested—therefore the server remains vulnerable even if the Index Service isn't running. If you have the script mappings for .ida and .idq extensions in place and users can establish Web sessions to the server, you have a vulnerable server.



The vendor, Microsoft, has released security bulletin MS01-033 for this vulnerability and recommends that users immediately apply the patch specified in the bulletin. The company further recommends that you remove script mappings for .ida and .idq extensions under IIS if you're not using them as mentioned in the security checklists for IIS 4.0 and IIS 5.0.


Discovered by Riley Hassell of eEye Digital Security.