FrontPage Server Extension Sub-Component Contains Unchecked Buffer
A security vulnerability exists in any IIS server that has the Visual Studio RAD sub-component installed, which may allow a malicious user to load and run code on the target machine in the IUSR or system context.
Issue
FrontPage Server Extensions ship as part of IIS 4.0 and 5.0, and facilitate the development of Web sites and Web-based applications. FrontPage Server Extensions include an additional, optional sub-component called Visual Studio RAD (Remote Application Deployment) Support. This sub-component allows Visual InterDev 6.0 users to register and unregister COM objects on an IIS 4.0 or 5.0 Server. This sub-component contains an unchecked buffer in a section that processes input information.
An attacker could exploit this vulnerability against any server with this sub-component installed by establishing a web session with the server and passing a specially malformed packet to the server component. The attacker could use that packet to load code of his choice for execution on the server. An attack that exploits this vulnerability would execute in the IUSR_machinename context. However, it is possible under certain circumstances to execute code in the SYSTEM context.
Affected Products
- Microsoft Visual Studio RAD Support in FrontPage Server Extensions
Solution
A software patch is available from the following locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: June 21, 2001