| VID |
21231 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The fpcount.exe in IIS 4.0 with FrontPage Server Extensions may be vulnerable to a buffer overflow attack.
fpcount.exe is a site visit counter included with the Internet Information Server version 4.0. IIS 4.0 is part of the Microsoft Windows NT 4.0 Operating System, distributed and maintained by the Microsoft Corporation.
A vulnerability in the package could allow a remote attacker to execute arbitrary code on a running web server. The problem lies in a buffer overflow in the fpcount.exe binary. It is possible to exploit the buffer overflow in fpcount.exe remotely, thus overwriting stack variables, including the return address. By sending a specially-crafted web request, a remote attacker can overflow a buffer to execute arbitrary code, and potentially gain access and possibly administrative privileges to a remote system.
* Note: This check doesn't perform an actually test to assess this vulnerability but solely relied on the presence of this CGI for the remote Web server, so this might be a false positive.
* References:
http://www.securityfocus.com/archive/1/11943
http://marc.theaimsgroup.com/?l=ntbugtraq&m=91632724913080&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=91638375309890&w=2
* Affected Software:
Microsoft IIS 4.0 |
| Recommendation |
Remove the CGI, 'fpcount.exe' from /_vti_bin virtual directory. |
| Related URL |
CVE-1999-1376 (CVE) |
| Related URL |
2252 (SecurityFocus) |
| Related URL |
5494 (ISS) |
|
