Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Heap Overrun in HTR Chunked Encoding New
A security vulnerability in the chunked encoding data transfer mechanism of IIS 4.0 and 5.0 could either cause the IIS service to fail or allow an attacker to run the code of their choice on the system.
Issue
The vulnerability is similar to the first vulnerability discussed in Microsoft Security Bulletin MS02-018. Like that vulnerability, this one involves a buffer overrun in the Chunked Encoding data transfer mechanism in IIS 4.0 and 5.0, and could likewise be used to overrun heap memory on the system, with the result of either causing the IIS service to fail or allowing code to be run on the server. The chief difference between the vulnerabilities is that the newly discovered one lies in the ISAPI extension that implements HTR – an older, largely obsolete scripting technology – where the previous one lay in the ISAPI extension that implements ASP.
Affected Products
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
Download
Software patches are available from the following locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: June 12, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
