Release DateDec 24, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates an attempt to exploit a Buffer Overflow vulnerability in the HTR ISAPI extension of Microsoft Internet Information Services(IIS).The ism.dll implements HTR scripting in IIS. There is a buffer overflow vulnerability in some versions of IIS that allows attackers to cause a denial of service or execute arbitrary code on a target system via specially crafted HTR requests. |
Affected ProductsMicrosoft Internet Information Server 4.0Microsoft Internet Information Services 5.0 |
Recommended ActionsApply the most recent upgrade or patch from the vendor.http://technet.microsoft.com/en-us/security/bulletin/ms02-018 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-1999-0874CVE-2002-0071 |
Reference/shttp://www.securityfocus.com/bid/4474 (BugTraq)http://www.securityfocus.com/bid/307 (BugTraq) http://technet.microsoft.com/en-us/security/bulletin/MS02-018.mspx (MS-ID) |
