Unrated severityNVD Advisory· Published Jul 11, 2006· Updated Apr 16, 2026

CVE-2006-0026

Description

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Affected products

Microsoft/Internet Information Server
cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21006nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
www.kb.cert.org/vuls/id/395588nvdPatchUS Government Resource
www.securityfocus.com/bid/18858nvdPatch
www.us-cert.gov/cas/techalerts/TA06-192A.htmlnvdUS Government Resource
archives.neohapsis.com/archives/bugtraq/2006-07/0316.htmlnvd
www.osvdb.org/27152nvd
www.vupen.com/english/advisories/2006/2752nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26796nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000