Last Modified: 6 months ago

Description
A remote overflow exists in the Internet Services Application Programming Interface (ISAPI) ISM.DLL extensions used in HTR scripting. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Classification
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical
Arbitrary code will be executed with the privileges of the IWAM_computername account on default installations of IIS 5.0 and 5.1.
If the vulnerability is exploited to cause a DoS, the IIS service must be restarted manually on version 4.0, whereas the service restarts automatically on IIS 5.0.

Solution
Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:
1. Disable HTR ISAPI extension - All versions of the IIS Lockdown Tool disable HTR by default.
2. The URLScan tool can be used to prevent code execution (even if HTR is enabled), but not the DoS.

Products
IIS 4.0, 5.0

Credit
- Riley Hassell - riley
eeye.com - eEye Digital Security