Reported June 12, 2002, by Microsoft.
VERSIONS AFFECTED
· Microsoft Internet Information Services (IIS) 5.0
· Microsoft Internet Information Server (IIS) 4.0
DESCRIPTION
A buffer overrun condition exists in IIS 5.0 and 4.0 that can lead to remote compromise of the affected system. This vulnerability stems from an unchecked buffer in the Internet Server API (ISAPI) extension that implements HTR.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-028 (Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise) to address this vulnerability. This vulnerability doesn't affect users who don't use the HTR functionality. Microsoft recommends that only affected users download and apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered by eEye Digital Security.
Buffer Overrun in Microsoft IIS 5.0 and 4.0 HTR