Reported May 1, 2001, by Microsoft.
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Internet Information Services 5.0
A buffer overflow condition exists in Internet Information Services (IIS) 5.0 that could let an attacker run code of their choice under the system’s security context. The vulnerability stems from an unchecked buffer in the Internet Server API (ISAPI) .printer extension (C:\WINNT\System32\msw3prt.dll), which handles input parameters to support the Internet Printing Protocol (IPP). The overflow occurs when a user sends approximately 420 bytes within the HTTP Host: header of a .printer ISAPI request. See eEye Digital Security for a more detailed advisory.
Microsoft has issued security bulletin MS01-023 to address this vulnerability, along with a hotfix that corrects the unchecked buffer in the ISAPI extension. Users who are unable to apply the hotfix should remove the mapping for the Internet printing ISAPI extension. Microsoft’s Secure Internet Information Services 5 Checklist provides more information on this procedure.
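For servers that cannot be patched immediately, the request pattern described above can be screened for in captured or proxied traffic. The following is an added example, not code from Microsoft or eEye: it flags requests whose path maps to the .printer extension and whose Host: header is longer than any legitimate host name. The 255-byte limit, the function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

# Assumption: a DNS name is at most 253 characters, so a legitimate Host
# value (name plus optional :port) fits comfortably within 255 bytes.
MAX_HOST_BYTES = 255

def parse_head(raw: bytes):
    """Split a raw HTTP request head into (target, [(name, value), ...])."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return parts[1], headers

def is_printer_request(target: bytes) -> bool:
    """True if any path segment ends in .printer (decoded, case-insensitive)."""
    path = unquote_to_bytes(target.split(b"?", 1)[0]).lower()
    return any(seg.endswith(b".printer") for seg in path.split(b"/"))

def check_request(raw: bytes) -> list:
    """Return findings for one request; an empty list means nothing to report."""
    target, headers = parse_head(raw)
    if not is_printer_request(target):
        return []
    hosts = [value for name, value in headers if name == b"host"]
    findings = []
    if len(hosts) > 1:
        findings.append("more than one Host header")
    for host in hosts:
        if len(host) > MAX_HOST_BYTES:
            findings.append(f"Host header is {len(host)} bytes")
    return findings

def build(target: bytes, host: bytes) -> bytes:
    """Construct a sample request (constructed test data, not captured traffic)."""
    return b"GET " + target + b" HTTP/1.1\r\nHost: " + host + b"\r\n\r\n"

SAMPLES = {
    "normal IPP": build(b"/printers/office/.printer", b"print.example.com"),
    "long Host": build(b"/test.printer", b"x" * 420),
    "encoded, mixed case": build(b"/test%2EPRINTER", b"x" * 420),
    "long Host, other URL": build(b"/index.html", b"x" * 420),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {check_request(raw) or 'ok'}")
```

The check decodes percent-encoding and ignores case before matching the extension, so a differently written .printer path is still screened.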
Discovered by Riley Hasel and Ryan Permeh of eEye Digital Security.