Reported June 18, 2001, by Microsoft.
VERSIONS AFFECTED
-
Microsoft Internet Information Server 4.0
-
Microsoft Internet Information Services 5.0
-
Microsoft Internet Information Service XP beta
DESCRIPTION
A vulnerability exists in
Microsoft Index Server that can let an attacker execute code under the system
security context and take any action on the server, including assuming full
control of the server. This vulnerability stems from an unchecked buffer in the
Index Server Internet Server API (ISAPI) extension idq.dll, which provides
support for administration scripts. The buffer overrun condition occurs before
any indexing is requested—therefore the server
remains vulnerable even if the Index Service isn't running. If you
have the script mappings for .ida and .idq extensions in place and users can
establish Web sessions to the server, you have a vulnerable server.
VENDOR RESPONSE
The vendor, Microsoft, has released security bulletin MS01-033 for this vulnerability and recommends that users immediately apply the patch specified in the bulletin. The company further recommends that you remove script mappings for .ida and .idq extensions under IIS if you're not using them as mentioned in the security checklists for IIS 4.0 and IIS 5.0.
CREDIT
Discovered by Riley
Hassell of eEye Digital Security.
