FYI: DAV-related buffer overflow exploit in IIS 5 from Jim Whitehead on 2003-03-18 (w3c-dist-auth@w3.org from January to March 2003)

From: Jim Whitehead <ejw@cse.ucsc.edu>
Date: Mon, 17 Mar 2003 22:32:10 -0800
To: "WebDAV" <w3c-dist-auth@w3.org>
Message-ID: <AMEPKEBLDJJCCDEJHAMIIEDMGLAA.ejw@cse.ucsc.edu>

FYI.

So, how many implementors on the list are confident *you* don't also have a
buffer overflow exploit lurking in your code?

- Jim

http://www.cert.org/advisories/CA-2003-09.html

 CERT® Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
Original issue date: March 17, 2003
Last revised: Mon Mar 17 14:34:35 EST 2003
Source: CERT/CC

A complete revision history is at the end of this file.



Systems Affected
Systems running Microsoft Windows 2000 with IIS 5.0 enabled
Overview
A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on
Microsoft Windows 2000. IIS 5.0 is installed and running by default on
Microsoft Windows 2000 server products. This vulnerability may allow a
remote attacker to run arbitrary code on the victim machine.

An exploit is publicly available for this vulnerability, which increases the
urgency that system administrators apply a patch.

Received on Tuesday, 18 March 2003 01:35:25 UTC