| Field | Value |
|---|---|
| VID | 22165 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |

The IIS web server contains a cross-site scripting vulnerability that is triggered by a long URL request with the .idc extension. A remote attacker can inject script code into the HTML error page that IIS returns for .idc requests. Normally the server returns its default 404 error page when it receives a request for a non-existent file with the .ida extension. But when a remote attacker sends a long URL request with the .idc extension that embeds script code, such as the following:

GET /AAAAAA...['A'*334]...AAAAAAAAAAAA[script code executed].idc

the server parses the [script code executed] part and returns a non-standard error page that contains the script code, which is then executed by the client's browser. Using this vulnerability, a remote attacker can execute arbitrary script code in the victim's browser and steal cookies, which may contain sensitive data such as personal information and passwords.

* Platforms Affected: Microsoft IIS 5 server; Windows 2000 Advanced Server/Professional/Server; Windows 2000 Advanced Server/Professional/Server SP1; Windows 2000 Advanced Server/Professional/Server SP2
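A defender-side check for the request pattern described above: it parses IIS W3C Extended log lines and flags long .idc requests whose decoded path carries script markup. This is an added example, not part of the original record; the log lines are constructed, and the default field list, the 300-character threshold and the marker list are assumptions.

```python
from urllib.parse import unquote

# Constructed sample log: one benign .idc hit, one long request carrying
# script markup, and an unrelated long request to a static file.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-10-09 10:00:01 192.0.2.10 GET /reports/sales.idc - 200
2002-10-09 10:00:07 192.0.2.77 GET /{a}%3Cscript%3Ealert(document.cookie)%3C/script%3E.idc - 200
2002-10-09 10:00:09 192.0.2.10 GET /{a}.gif - 404
""".format(a="A" * 334)

# The record's trigger uses 334 filler bytes; a slightly lower bound (assumed)
# still catches shorter variants while ignoring ordinary .idc URLs.
MIN_PATH_LEN = 300
SCRIPT_MARKERS = ("<script", "javascript:", "onerror=", "onload=")


def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def is_idc_xss_probe(entry):
    """True when the request matches the long .idc + script-markup pattern."""
    stem = unquote(entry.get("cs-uri-stem", ""))   # decode %3C etc. before matching
    lowered = stem.lower()
    return (lowered.endswith(".idc")
            and len(stem) >= MIN_PATH_LEN
            and any(marker in lowered for marker in SCRIPT_MARKERS))


def flag_idc_probes(text):
    """Return (client ip, status) for each matching request in the log text."""
    return [(e["c-ip"], e["sc-status"])
            for e in parse_w3c(text) if is_idc_xss_probe(e)]


if __name__ == "__main__":
    for ip, status in flag_idc_probes(SAMPLE_LOG):
        # A non-404 status on such a request means the server did not serve
        # its default error page, which is the behaviour this record describes.
        print(f"suspicious .idc request from {ip} (status {status})")
```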
| Recommendation |

Apply the latest service pack, Windows 2000 Service Pack (SP) 3, from the Microsoft web site: http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/sp3lang.asp

1. Select a language from the drop-down list and click <GO> on the page above.
2. Download <SP3 Express Installation> to install only the updates that are necessary.
3. Or download <SP3 Network Installation> to install all of the Windows 2000 SP3 files.
4. Run it to start the installation.

As a workaround, remove the .idc extension from the application mappings:

1. Go to Control Panel → Administrative Tools → Internet Information Services.
2. Choose Properties of the web server.
3. Select the Home Directory tab → Application Configuration.
4. Remove the .idc extension on the Application Mappings tab.
5. Click OK.
| Related URL | (CVE) |
| Related URL | 5900 (SecurityFocus) |
| Related URL | 10294 (ISS) |