Threat Encyclopedia

MS.IIS.Biztalk.BizTalkHttpReceive.Access

Description

It indicates a buffer overrun vulnerability in Microsoft Biztalk Server.


There exists buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 that allows attackers to execute arbitrary code on a target system via a certain request to the HTTP receiver.


Affected Products

Any unprotected Microsoft Biztalk server 2002 is vulnerable to the attack.

Impact

Attackers can execute arbitrary code on the victim system.

Recommended Actions

Apply appropriate patches or upgrade the system to the latest non-vulnerable version.


Disable the Http receive functionality unless absolutely needed.


CVE References

CVE-2003-0117