Malformed HTR Request Vulnerability
A vulnerability exists in Microsoft® Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
Issue
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. A vulnerability exists in the way that .HTR, .STM and .IDC files are processed.
The vulnerability involves an unchecked buffer in the filter DLLs for these file types. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an .HTR, .STM or .IDC file could overflow the buffer, causing IIS to crash. The server itself would not need to be rebooted, but the IIS service would need to be restarted in order to resume service. The second threat is that a carefully constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally. The vulnerability is present regardless of whether .HTR, .STM or .IDC files are present on the server.
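The bounds check whose absence the paragraph above describes, as an added C sketch that is not Microsoft's code or part of the original advisory. The function names, the 260-byte buffer size and the dispatch-by-extension model are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 260 /* assumed buffer size; the advisory does not give one */

enum verdict { NOT_MAPPED, ACCEPTED, REJECTED_TOO_LONG };

/* Case-insensitive match on the three extensions named in the advisory. */
static int mapped_extension(const char *path, size_t len)
{
    static const char *const exts[] = { ".htr", ".stm", ".idc" };
    for (size_t i = 0; i < sizeof exts / sizeof exts[0]; i++) {
        size_t n = strlen(exts[i]), j = 0;
        if (len < n)
            continue;
        while (j < n && tolower((unsigned char)path[len - n + j]) == exts[i][j])
            j++;
        if (j == n)
            return 1;
    }
    return 0;
}

/* Hypothetical filter entry point. The handler is chosen from the extension
 * alone and never looks for the file, so the length check has to sit here. */
enum verdict handle_request(const char *path, char out[PATH_BUF])
{
    size_t len = strlen(path);
    if (!mapped_extension(path, len))
        return NOT_MAPPED;
    /* An unchecked filter would copy here without comparing len to PATH_BUF. */
    if (len >= PATH_BUF)
        return REJECTED_TOO_LONG;
    memcpy(out, path, len + 1); /* len + 1 <= PATH_BUF, terminator included */
    return ACCEPTED;
}

int main(void)
{
    char out[PATH_BUF], big[1024]; /* constructed sample requests */
    memset(big, 'a', 1000);
    strcpy(big + 1000, ".HTR");
    printf("%d %d %d\n", handle_request("/index.html", out),
           handle_request("/missing.idc", out), handle_request(big, out));
    return 0;
}
```

The request for `/missing.idc` is accepted even though no such file exists in this model, which mirrors the advisory's point that the filter code is reachable whether or not files of these types are present.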
Affected Products
- Microsoft Internet Information Server 4.0
Download
Patch: ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/ext-fix/
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: June 18, 1999


