| VID |
26042 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The host does not have the latest cumulative patch (hotfix 'Q11114') for Microsoft IIS applied. In addition to all previously released security patches, this patch includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and 5.1. An IIS server without this patch may allow remote and local attackers to gain SYSTEM level access on the affected host.
o Redirection Cross Site Scripting: CAN-2003-0223
o Server Side Include Web Pages Buffer Overrun: CAN-2003-0224
o ASP Headers Denial of Service: CAN-2003-0225
o WebDAV Denial of Service: CAN-2003-0226
* References: http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
* Platforms Affected:
o Microsoft Internet Information Server 4.0
o Microsoft Internet Information Services 5.0
o Microsoft Internet Information Services 5.1 |
| Recommendation |
Apply the appropriate patch (hotfix 'Q11114') for your system, as listed below.
For IIS 4.0: http://microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en
For IIS 5.0: http://microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en
For IIS 5.1:
o 32-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=77CFE3EF-C5C5-401C-BC12-9F08154A5007&displaylang=en
o 64-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=86F4407E-B9BF-4490-9421-008407578D11&displaylang=en
* Installation platforms:
o The IIS 4.0 patch can be installed on systems running Windows NT 4.0 Service Pack 6a.
o The IIS 5.0 patch can be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3.
o The IIS 5.1 patch can be installed on systems running Windows XP Professional Gold and Service Pack 1.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0223,CVE-2003-0224,CVE-2003-0225,CVE-2003-0226 (CVE) |
| Related URL |
7731,7735,7733 (SecurityFocus) |
| Related URL |
(ISS) |
|