There is a vulnerability in the redirect function of Microsoft’s Internet Information Server (IIS) 4.0 that could allow an attacker to execute arbitrary code on an affected system.
Internet Information Server (IIS) is a web server available for the Microsoft Windows operating system. IIS provides a redirect function that is responsible for forwarding incoming HTTP requests to another page. There is a buffer overflow vulnerability in the way the redirect function validates the length of incoming requests. By sending a specially crafted message to an affected system, an attacker could trigger a buffer overflow and potentially execute code of the attacker’s choice. For more information, please refer to Microsoft Security Bulletin MS04-021.
Note: According to the Microsoft Security Bulletin, only IIS 4.0 systems are affected.
A remote, unauthenticated attacker could execute arbitrary code on an affected system.
Apply a patch as described in Microsoft Security Bulletin MS04-021.
717748
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: July 14, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please refer to Microsoft Security Bulletin MS04-021.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23717748 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Microsoft.
This document was written by Damon Morda and based on information provided by Microsoft.
CVE IDs: | CVE-2004-0205 |
---|---|
Severity Metric: | 10.13 Date Public: |