Code to mitigate IIS semicolon zero-day

This mitigation should help block attempts to exploit the IIS semicolon zero-day BID 37460, but no warranties and no guarantees. It didn't crash my web servers during testing, but I make no representations as to how it will or won't perform on anyone else's web servers. This mitigation is only...

Microsoft IIS ASP chunked encoding buffer overflow

Added: 11/10/2006 CVE: CVE-2002-0079 BID: 4485 OSVDB: 768 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem A buffer overflow in the ASP ISAPI filter allows remote attackers to execute arbitrary comman...

Security Bulletin (MS00-057)

Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...

CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...