- From: Jim Whitehead <ejw@cse.ucsc.edu>
- Date: Mon, 17 Mar 2003 22:32:10 -0800
- To: "WebDAV" <w3c-dist-auth@w3.org>
FYI. So, how many implementors on the list are confident *you* don't also have a buffer overflow exploit lurking in your code? - Jim http://www.cert.org/advisories/CA-2003-09.html CERTŪ Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0 Original issue date: March 17, 2003 Last revised: Mon Mar 17 14:34:35 EST 2003 Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Microsoft Windows 2000 with IIS 5.0 enabled Overview A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. IIS 5.0 is installed and running by default on Microsoft Windows 2000 server products. This vulnerability may allow a remote attacker to run arbitrary code on the victim machine. An exploit is publicly available for this vulnerability, which increases the urgency that system administrators apply a patch.
Received on Tuesday, 18 March 2003 01:35:25 UTC