[security-alerts] FW: [SA28893] Microsoft Internet Information Services Code Execution Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

>
> TITLE:
> Microsoft Internet Information Services Code Execution Vulnerability
>
> SECUNIA ADVISORY ID:
> SA28893
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28893/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Information Services (IIS) 6
> http://secunia.com/product/1438/
> Microsoft Internet Information Services (IIS) 5.x
> http://secunia.com/product/39/
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Internet Information
> Services (IIS), which can be exploited by malicious people to
> compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error within the
> processing of input to ASP web pages. This can be exploited to
> execute arbitrary code with the privileges of the Worker Process
> Identity (WPI) by passing specially crafted input to an ASP page.
>
> SOLUTION:
> Apply patches.
>
> Windows XP Professional SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=2b498
> 065-d682-4227-b23e-d234d7d6a3fe
>
> Windows XP Professional x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyID=df987
> 5f7-04d6-486e-bdb5-35e9e305fa1d
>
> Windows Server 2003 SP1 / SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=6583e
> 798-d16d-419c-aee1-30c3e6c635b3
>
> Windows Server 2003 x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?familyid=e8286
> 174-8209-409f-8805-e534715a741c
>
> Windows Server 2003 with SP1/SP2 for Itanium-based systems:
> http://www.microsoft.com/downloads/details.aspx?familyid=29faa
> 70d-f1ac-4da4-b72a-faf1973cd845
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> MS08-006 (KB942830):
> http://www.microsoft.com/technet/security/Bulletin/MS08-006.mspx
>