oval:org.mitre.oval:def:483

Definition Id: oval:org.mitre.oval:def:483

Oval ID:	oval:org.mitre.oval:def:483
Title:	IIS Server Side Include Web Pages Buffer Overrun
Description:	Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0224	Version:	8
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Information Server (IIS)
Definition Synopsis:
Software section IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\inetsrv\ssinc.dll version is less than 5.0.2195.6624 AND NOT Patch Q811114 Installed AND NOT SP4 or later Installed AND Configuration section SmartHTML interpreter is enabled