VID 22037
Severity 40
Port 80
Protocol TCP
Class WWW
Detailed Description The IIS web server is vulnerable to a buffer overflow (2) in the .HTR filter. An attacker may use this flaw to execute arbitrary code on this host (although exploitation of this flaw is considered difficult).
In the default IIS installation, .HTR functionality is enabled. .HTR files are used only for web-based password resets. There is a heap overflow in the server component that handles requests for .HTR files. As with most heap overflows, this one can be used to execute arbitrary machine code. In the default installation, this results in remote code execution in the IUSR_machine security context. This is detailed in Microsoft Advisory MS02-028.

* References:
http://www.microsoft.com/technet/security/bulletin/ms02-028.asp
http://online.securityfocus.com/archive/1/276640

Affected Software:
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Recommendation Apply the appropriate patch for your system from the following download locations:
o Microsoft IIS 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39579
o Microsoft IIS 5.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39217

-- OR --

Even if you have patched this vulnerability, we recommend that you unmap the .HTR extension, and any other unused ISAPI extensions if they are not required for the operation of your site.

To unmap the .HTR extension:
1. Open Internet Services Manager.
2. Right-click the Web server and choose Properties from the context menu.
3. Select Master Properties.
4. Select WWW Service -> Edit -> Home Directory -> Configuration and remove the reference to .htr from the list.
Related URL CVE-2002-0364 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)