Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA21006] Microsoft Internet Information Services ASP Code Buffer Overflow

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA21006] Microsoft Internet Information Services ASP Code Buffer Overflow
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 12 Jul 2006 11:21:51 +0400
Content-class: urn:content-classes:message
Content-length: 2045
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcalLPgWHUgBJoI1T4qS7/Hjq+8VfAAVqNOg
Thread-topic: [SA21006] Microsoft Internet Information Services ASP Code Buffer Overflow

> 
> TITLE:
> Microsoft Internet Information Services ASP Code Buffer Overflow
> 
> SECUNIA ADVISORY ID:
> SA21006
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21006/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Internet Information Services (IIS) 5.x
> http://secunia.com/product/39/
> Microsoft Internet Information Services (IIS) 6
> http://secunia.com/product/1438/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Internet Information
> Services, which can be exploited by malicious users to compromise a
> vulnerable system.
> 
> The vulnerability is caused due to a boundary error in the handling
> of ASP code. This can be exploited by placing and executing
> maliciously crafted ASP code.
> 
> Successful exploitation requires access to upload ASP code to a web
> folder.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 (requires SP4):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=c917d
6da-da2d-402c-a870-1de3cbd21ebf
> 
> Microsoft Windows XP Professional (requires SP1 or SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=55d3c
a3a-97fc-4e22-8ecc-9416ebc993c4
> 
> Microsoft Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=4e19b
792-7505-4453-b460-5a16915443db
> 
> Microsoft Windows Server 2003 (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=c5e27
4a8-f962-4944-8878-6b88b1592bbf
> 
> Microsoft Windows Server 2003 (Itanium) (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=e2dc2
45e-d0f3-41b9-b090-68a2118001cb
> 
> Microsoft Windows Server 2003 x64 Edition family:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=f29c8
86d-b896-4fcf-a22b-2c1a53b1a9eb
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Brett Moore of Security-Assessment.
> 
> ORIGINAL ADVISORY:
> MS06-034 (KB917537):
> http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
>

Prev by Date: [security-alerts] FW: [SA21014] Adobe Acrobat Buffer Overflow Vulnerability
Next by Date: [security-alerts] FW: [SA20999] Microsoft ASP.NET URL Validation Security Bypass
Previous by thread: [security-alerts] FW: [SA21014] Adobe Acrobat Buffer Overflow Vulnerability
Next by thread: [security-alerts] FW: [SA20999] Microsoft ASP.NET URL Validation Security Bypass
Index(es):
- Date
- Thread