← CVECheck
HomeVulnerabilities

CVE-2001-0506 — HIGH severity vulnerability (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local)

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

CVE IDCVE-2001-0506
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2001-09-20
Last modified2026-04-16
DescriptionBuffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →