Lucene search
SAINT CorporationSAINT:41907C3E21F1F5BBF8918B1259ED8EBAHistoryNov 10, 2006 - 12:00 a.m.
Microsoft IIS ASP chunked encoding buffer overflow
2006-11-1000:00:00
SAINT Corporation
www.saintcorporation.com
18
0.964 High
EPSS
Percentile
99.4%
Added: 11/10/2006
CVE: CVE-2002-0079
BID: 4485
OSVDB: 768
Background
Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type.
Problem
A buffer overflow in the ASP ISAPI filter allows remote attackers to execute arbitrary commands by sending chunked encoded form data in a POST request for an ASP page.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 02-018.
References
<http://www.kb.cert.org/vuls/id/610291>
<http://archives.neohapsis.com/archives/bugtraq/2002-04/0116.html>
Limitations
Exploit works on IIS 5.0.
Platforms
Windows
Related
cve
cve
CVE-2002-0079
2002-04-22 04:00:00
saint
saint
Microsoft IIS ASP chunked encoding buffer overflow
2006-11-10 00:00:00
Microsoft IIS ASP chunked encoding buffer overflow
2006-11-10 00:00:00
Microsoft IIS ASP chunked encoding buffer overflow
2006-11-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS ISAPI Heap Overflow (MS02-018; CVE-2002-0079)
2009-06-03 00:00:00
cert
cert
nessus
nessus
Microsoft IIS ASP ISAPI Filter Multiple Overflows
2002-04-10 00:00:00
securityvulns
securityvulns
Multiple Remote Vulnerabilities in Microsoft IIS
2002-04-11 00:00:00
Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS
2002-04-12 00:00:00
cisco
cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
2002-04-15 18:00:00