Reported January 13, 2004, by Microsoft.
VERSIONS AFFECTED
· Microsoft Internet Security and Acceleration Server 2000 (ISA Server)
DESCRIPTION
· A vulnerability in Microsoft Internet Security and Acceleration Server 2000 (ISA Server) can permit an attacker to run code of his or her choice under the security context of the Microsoft Firewall Service. This vulnerability stems from a buffer overrun in ISA Server's H.323 filter. The H.323 filter is enabled by default on ISA Server servers that are installed in integrated or firewall mode.
VENDOR RESPONSE
Microsoft has released security bulletin MS04-001, "Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by the UK National Infrastructure Security Co-ordination Centre (NISCC).
Remote Code Execution Vulnerability in Microsoft ISA Server 2000