Microsoft IIS .HTR ISAPI Filter Enabled

The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that, even if you have patched this...

Microsoft IIS ASP ISAPI Filter Multiple Overflows

There's a buffer overflow in the remote web server through the ASP ISAPI filter. It is possible to overflow the remote web server and execute commands as user 'SYSTEM'. C Tenable Network Security, Inc. Thanks to: Marc Maiffret - his post on vuln-dev saved a lot of my time See the Nessus Scripts...

Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length

Overview Intruders may be able to cause the IIS service to fail by sending a particular kind of overly-long URL. Description ISAPI is a programming interface to IIS that can be used to modify or extend the behavior of IIS. Programs written using ISAPI are known as either filters or extension,...

Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 buffer overflow in chunked encoding transfer mechanism for ASP

Overview A buffer overflow vulnerability in IIS 4.0, 5.0, and 5.1 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to ...

Microsoft Internet Information Server (IIS) vulnerable to heap overflow during processing of crafted ".htr" request by "ISM.DLL" ISAPI filter

Overview A buffer overflow in the HTR ISAP extension on IIS servers could permit an intruder to interrupt the normal operation of IIS or possibly execute arbitrary code with the privileges of the HTR extension. Description HTR is a server-side scripting technology for IIS which has largely been...

Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields

Overview A buffer overflow in IIS could allow an intruder to execute arbitrary code the the privileges of the ASP ISAPI extension. Description Like all web servers, IIS parses HTTP headers and decomposes them into the constituent parts. As part of this processing, IIS checks for delimiters that a...

CVE-2001-0500

Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as commonly...

CVE-2001-0500

CVE-2001-0500 is a buffer-overflow in the IDQ ISAPI handler (idq.dll) used by Microsoft IIS Indexing Service/Index Server 2.0 (and IIS 6.0 beta and earlier). The vulnerability allows remote attackers to execute arbitrary commands by sending a long argument to the .ida and .idq entry points (e.g.,...

CVE-2002-0050

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data...

Переполнение буфера в Microsoft Commerce Server 2000 (buffer overflow)

Переполнение буфера в устанавливаемом ISAPI-фильтре AuthFilt...

Security Bulletin MS02-010

---------------------------------------------------------------------- Title: Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise Date: 21 February 2002 Software: Commerce Server 2000 Impact: Run code of attacker's choice. Max Risk: Critical Bulletin: MS02-010 Microsoft...

ActivePerl 5.6.1 - perlIIS.dll Remote Buffer Overflow (1)

ActivePerl 5.6.1 - perlIIS.dll Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by Activestate. ActivePerl allows for high-performance integration with IIS using a...

NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-07 Topic: ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability Release DateЈє 2001-11-15 CVE CAN ID : CAN-2001-0815 BUGTRAQ ID : 3526 Affected system: ================ Activestate ActivePerl 5.6.1.629 and earlier versions - Microsoft IIS 4.0 - Microsoft IIS 5...

CVE-2001-0004

This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...

CVE-2001-0241

CVE-2001-0241 affects the IIS 5.0 ISAPI Internet Printing Protocol extension (.printer) on Windows 2000. A buffer overflow in the Host: field of HTTP Printer requests allows remote code execution with the web server’s privileges. The provided documents describe an unchecked buffer in the ISAPI .p...

CVE-2001-0500

Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as commonly...

Immunity Canvas: MS01_033

Name| ms01033 ---|--- CVE| CVE-2001-0500 Exploit Pack| CANVAS Description| IIS 5.0 Index Server ISAPI .ida Overflow Notes| CVE Name: CVE-2001-0500 VENDOR: Microsoft MSADV: MS01-033 VersionsAffected: Repeatability: References: http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx CVE Ur...

VulnCheck KEV: CVE-2001-0500

Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as...

Immunity Canvas: MS01_023

Name| ms01023 ---|--- CVE| CVE-2001-0241 Exploit Pack| CANVAS Description| IIS 5.0 IPP ISAPI .printer Overflow Notes| CVE Name: CVE-2001-0241 VENDOR: Microsoft MSADV: MS01-023 VersionsAffected: Repeatability: References: http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx CVE Url:...

Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)

Microsoft Index Server 2.0 Indexing Service Windows 2000 - ISAPI Extension Buffer Overflow 2 / source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the...