Flaw in ISA Server Error Pages
New
ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.
ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.
Cumulative Patch for Internet Information Service
New
Microsoft has released a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1.
Microsoft has released a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1.
Palyh Email Worm Spreading
New
A new email worm, named Palyh, has starting spreading across the Internet. The e-mail claims to come from support@microsoft.com but instead contains a virus attachment that sends itself to addresses found in files with any of the following extensions: wab, dbx, htm, html, eml and txt.
A new email worm, named Palyh, has starting spreading across the Internet. The e-mail claims to come from support@microsoft.com but instead contains a virus attachment that sends itself to addresses found in files with any of the following extensions: wab, dbx, htm, html, eml and txt.
Flaw In Winsock Proxy Service And ISA Firewall
New
A flaw exists in the Winsock Proxy service in Microsoft Proxy Server 2.0, and the Microsoft Firewall service in ISA Server 2000, that would allow an attacker on the internal network to send a specially crafted packet that would cause the server to stop responding to internal and external requests.
A flaw exists in the Winsock Proxy service in Microsoft Proxy Server 2.0, and the Microsoft Firewall service in ISA Server 2000, that would allow an attacker on the internal network to send a specially crafted packet that would cause the server to stop responding to internal and external requests.
Cumulative Patch for Microsoft MMS
New
A security vulnerability exists in the Microsoft Content Management Server (MCMS) that could allow an attacker to insert script into the data being sent to a MCMS server.
A security vulnerability exists in the Microsoft Content Management Server (MCMS) that could allow an attacker to insert script into the data being sent to a MCMS server.
Cumulative Patch for Internet Information Service
New
Microsoft has released a cumlative patch for Microsoft Internet Information Services which resolves four vulnerabilities, the most serious of which could enable applications on a server to gain system-level privileges.
Microsoft has released a cumlative patch for Microsoft Internet Information Services which resolves four vulnerabilities, the most serious of which could enable applications on a server to gain system-level privileges.
Buffer Overrun in SmartHTML Interpreter
New
A buffer overrun in the SmartHTML Interpreter of Microsoft FrontPage Server Extensions potentially allows an attacker to run code of their choice or to cause a denial-of-service.
A buffer overrun in the SmartHTML Interpreter of Microsoft FrontPage Server Extensions potentially allows an attacker to run code of their choice or to cause a denial-of-service.
Unchecked Buffer in Content Management Server
New
Three security vulnerabilities have been discovered in Microsoft Content Management Server the most serious of which could enable an attacker to gain full control over the server.
Three security vulnerabilities have been discovered in Microsoft Content Management Server the most serious of which could enable an attacker to gain full control over the server.
Heap Overrun in HTR Chunked Encoding
New
A security vulnerability in the chunked encoding data transfer mechanism of IIS 4.0 and 5.0 could either cause the IIS service to fail or allow an attacker to run the code of their choice on the system.
A security vulnerability in the chunked encoding data transfer mechanism of IIS 4.0 and 5.0 could either cause the IIS service to fail or allow an attacker to run the code of their choice on the system.
Unchecked Buffer in Gopher Protocol Handler
New
A security vulnerability exists in the Gopher protocol handler of Internet Explorer, Proxy Server and ISA Server which could allow an attacker to exploit a buffer overrun and run code of their choice on the system.
A security vulnerability exists in the Gopher protocol handler of Internet Explorer, Proxy Server and ISA Server which could allow an attacker to exploit a buffer overrun and run code of their choice on the system.
Unchecked Buffer in MSN Chat Control Can Lead to Code Execution
New
An unchecked buffer exists in one of the functions that handles input parameters in the MSN Chat control. The security vulnerability could allow an attacker to run code in the user's context.
An unchecked buffer exists in one of the functions that handles input parameters in the MSN Chat control. The security vulnerability could allow an attacker to run code in the user's context.
Cumulative Patch for Internet Information Services
New
Microsoft has released a cumulative patch for Internet Information Server (IIS) 4.0, Internet Information Services (IIS) 5.0, and IIS 5.1 that includes updates for a range of security issues.
Microsoft has released a cumulative patch for Internet Information Server (IIS) 4.0, Internet Information Services (IIS) 5.0, and IIS 5.1 that includes updates for a range of security issues.
Unchecked Buffer Could Allow Commerce Server Compromise
New
A security vulnerability exists in the Microsoft Commerce Server 2000 which could allow a remote attacker to exploit an unchecked buffer in an ISAPI filter and gain complete control of the server.
A security vulnerability exists in the Microsoft Commerce Server 2000 which could allow a remote attacker to exploit an unchecked buffer in an ISAPI filter and gain complete control of the server.
XML Core Services Can Allow Access to Local Files
New
A security vulnerability exists in the XMLHTTP ActiveX control which is part of the Microsoft XML Core Services. This vulnerability allows a remote attacker to read specific files from the system of a vulnerable user.
A security vulnerability exists in the XMLHTTP ActiveX control which is part of the Microsoft XML Core Services. This vulnerability allows a remote attacker to read specific files from the system of a vulnerable user.
FrontPage Server Extension Sub-Component Contains Unchecked Buffer
New
A security vulnerability exists in any IIS server that has the Visual Studio RAD sub-component installed, which may allow a malicious user to load and run code on the target machine in the IUSR or system context.
A security vulnerability exists in any IIS server that has the Visual Studio RAD sub-component installed, which may allow a malicious user to load and run code on the target machine in the IUSR or system context.
Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
New
A buffer overrun exists in the Index Server which when used with Microsoft IIS could enable to malicious user to run code in the context of the system.
A buffer overrun exists in the Index Server which when used with Microsoft IIS could enable to malicious user to run code in the context of the system.
Superfluous Decoding Operation Could Allow Command Execution via IIS
New
A security vulnerability exists in IIS 5.0 and 4.0 which could enable a malicious user to run operating system commands on an affected Web server.
A security vulnerability exists in IIS 5.0 and 4.0 which could enable a malicious user to run operating system commands on an affected Web server.
Index Server Search Function Contains Unchecked Buffer
New
A buffer overrun security vulnerability exists in Index Server 2.0 which if provided an overly long value for a particular search parameter may cause the service to fail.
A buffer overrun security vulnerability exists in Index Server 2.0 which if provided an overly long value for a particular search parameter may cause the service to fail.
Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server
New
A security vulnerability exists in Microsoft® IIS 5.0 on Windows 2000 which could potentially enable a malicious user to run code of attacker’s choice in system context.
A security vulnerability exists in Microsoft® IIS 5.0 on Windows 2000 which could potentially enable a malicious user to run code of attacker’s choice in system context.
WebDAV Service Provider Can Allow Scripts to Levy Requests as User
New
A security vulnerability exists in all Microsoft products using the WebDAV component which could allow a remote attacker to impersonate a user and gain access to any resources available to that user.
A security vulnerability exists in all Microsoft products using the WebDAV component which could allow a remote attacker to impersonate a user and gain access to any resources available to that user.
Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
A spoofing hazard exists in all Microsoft Internet-enabled products due to erroneous digital certificates issued by VeriSign on January 29 and 30, 2001 to a non-Microsoft individual.
A spoofing hazard exists in all Microsoft Internet-enabled products due to erroneous digital certificates issued by VeriSign on January 29 and 30, 2001 to a non-Microsoft individual.
Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources
A security vulnerability exists in the Micrsoft IIS 5.0 which could allow a remote attacker to cause a denial of service using a malformed WebDAV request and cause IIS to exhaust CPU resources.
A security vulnerability exists in the Micrsoft IIS 5.0 which could allow a remote attacker to cause a denial of service using a malformed WebDAV request and cause IIS to exhaust CPU resources.
Malformed URL can Cause Service Failure in IIS 5.0 and Exchange 2000
A security vulnerability exists in the IIS 5.0 and Exchange 2000 which could cause a denial of service due to a flaw handling a specifically constructed malformed URL.
A security vulnerability exists in the IIS 5.0 and Exchange 2000 which could cause a denial of service due to a flaw handling a specifically constructed malformed URL.
File Fragment Reading via .HTR Vulnerability
New
A security vulnerability exists in Microsoft® Internet Information Service which could allow enable an attacker, under very unusual conditions, to read fragments of files from a web server.
A security vulnerability exists in Microsoft® Internet Information Service which could allow enable an attacker, under very unusual conditions, to read fragments of files from a web server.
Malformed Web Form Submission Vulnerability
A security vulnerability exists in a component that ships as part of Microsoft® Internet Information Server which could potentially allow an attacker to prevent an affected web server from providing useful service.
A security vulnerability exists in a component that ships as part of Microsoft® Internet Information Server which could potentially allow an attacker to prevent an affected web server from providing useful service.
Web Server File Request Parsing Vulnerability
A security vulnerability exists in Microsoft® Internet Information Services 4.0 & 5.0. The vulnerability could enable a malicious user to run operating system commands on a web server.
A security vulnerability exists in Microsoft® Internet Information Services 4.0 & 5.0. The vulnerability could enable a malicious user to run operating system commands on a web server.
Session ID Cookie Marking Vulnerability
A security vulnerability exists in Microsoft® Internet Information Server which could allow a malicious user to “hijack” another user’s secure web session.
A security vulnerability exists in Microsoft® Internet Information Server which could allow a malicious user to “hijack” another user’s secure web session.
Web Server Folder Traversal Vulnerability
A security vulnerability exists in Internet Information Services 5.0 and Internet Information Server 4.0 that may allow a malicious user to gain access to files and folders that are located on the logical drive containing the Web folders.
A security vulnerability exists in Internet Information Services 5.0 and Internet Information Server 4.0 that may allow a malicious user to gain access to files and folders that are located on the logical drive containing the Web folders.
Invalid URL Vulnerability
A security vulnerability exists in Microsoft® Internet Information Server (IIS) which could enable a malicious user to prevent an affected web server from providing useful service.
A security vulnerability exists in Microsoft® Internet Information Server (IIS) which could enable a malicious user to prevent an affected web server from providing useful service.
Specialized Header Vulnerability
A security vulnerability exists in Internet Information Server that ships with Microsoft® Windows 2000 which could cause a web server to send the source code of certain types of web files to a visiting user.
A security vulnerability exists in Internet Information Server that ships with Microsoft® Windows 2000 which could cause a web server to send the source code of certain types of web files to a visiting user.
File Permission Canonicalization Vulnerability
A security vulnerability exists in Microsoft® Internet Information Server which could allow a malicious user to gain additional permissions to certain types of files hosted on a web server.
A security vulnerability exists in Microsoft® Internet Information Server which could allow a malicious user to gain additional permissions to certain types of files hosted on a web server.
Absent Directory Browser Argument Vulnerability
Two security vulnerabilities exist in Microsoft® Internet Information Server which could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
Two security vulnerabilities exist in Microsoft® Internet Information Server which could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
Malformed Extension Data in URL Vulnerability
A security vulnerability exists in Microsoft® Internet Information Server which could be used to slow the performance of an affected server, or temporarily stop it altogether.
A security vulnerability exists in Microsoft® Internet Information Server which could be used to slow the performance of an affected server, or temporarily stop it altogether.
Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities
Two security vulnerabilities exist in Microsoft® Internet Information Server which couldbe used to slow an affected web server's response or to obtain the source code of certain types of files under restricted conditions.
Two security vulnerabilities exist in Microsoft® Internet Information Server which couldbe used to slow an affected web server's response or to obtain the source code of certain types of files under restricted conditions.
Server-Side Image Map Components Vulnerability
A vulnerability exists that could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out.
A vulnerability exists that could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out.
Link View Server-Side Component Vulnerability
The Dvwssr.dll file, which is included in several Web server products, does not perform access-control checks correctly. Because of this, there is a possibility that a user with Web Authoring permissions on a Web site can view ASP files that belong to other Web sites hosted on the same computer, if that user has read permissions on those files.
The Dvwssr.dll file, which is included in several Web server products, does not perform access-control checks correctly. Because of this, there is a possibility that a user with Web Authoring permissions on a Web site can view ASP files that belong to other Web sites hosted on the same computer, if that user has read permissions on those files.
Myriad Escaped Characters Vulnerability
A security vulnerability exists in When you send a large escape sequence to a computer running Internet Information Server 4.0 or Internet Information Services 5.0, the computer may use 100 percent CPU while it is processing the request. During this time, the server may not respond to other requests.
A security vulnerability exists in When you send a large escape sequence to a computer running Internet Information Server 4.0 or Internet Information Services 5.0, the computer may use 100 percent CPU while it is processing the request. During this time, the server may not respond to other requests.
Virtualized UNC Share Vulnerability
If a virtual directory on an Internet Information Server (IIS) computer is mapped to a Universal Naming Convention (UNC) share, and a request for a file in the directory contains one of several particular characters at the end of the request, the expected Internet Server Application Programming Interface (ISAPI) extension processing may not occur. This can result in the source code of the file being sent to the browser.
If a virtual directory on an Internet Information Server (IIS) computer is mapped to a Universal Naming Convention (UNC) share, and a request for a file in the directory contains one of several particular characters at the end of the request, the expected Internet Server Application Programming Interface (ISAPI) extension processing may not occur. This can result in the source code of the file being sent to the browser.
Chunked Encoding Post Vulnerability
A repetitive attack using a specially malformed request may cause Internet Information Server (IIS) to use a large amount of memory, and eventually cause the service to fail. This problem can occur when the client uses the Transfer-Encoding: chunked header in its request.
A repetitive attack using a specially malformed request may cause Internet Information Server (IIS) to use a large amount of memory, and eventually cause the service to fail. This problem can occur when the client uses the Transfer-Encoding: chunked header in its request.
Malformed Hit-Highlighting Argument Vulnerability
The ISAPI filter that implements the hit-highlighting (also known as "WebHits") functionality does not adequately constrain what files can be requested. If you provide a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual folder. This can allow someone without permissions to read any file residing on the same logical drive of the server that contains the Web Root folder. It does not allow anyone without permissions to add or modify files.
The ISAPI filter that implements the hit-highlighting (also known as "WebHits") functionality does not adequately constrain what files can be requested. If you provide a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual folder. This can allow someone without permissions to read any file residing on the same logical drive of the server that contains the Web Root folder. It does not allow anyone without permissions to add or modify files.
Escape Character Parsing Vulnerability
A vulnerability exists in Microsoft® Internet Information Server which could allow files on a web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications.
A vulnerability exists in Microsoft® Internet Information Server which could allow files on a web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications.
Virtual Directory Naming Vulnerability
A vulnerability exists in Microsoft® Internet Information Server which under certain conditions could cause a web server to send the source code of .ASP and other files to a visiting user.
A vulnerability exists in Microsoft® Internet Information Server which under certain conditions could cause a web server to send the source code of .ASP and other files to a visiting user.
Windows Multithreaded SSL ISAPI Filter Vulnerability
A vulnerability exists in the SSL ISAPI filter that ships with Microsoft® Internet Information Server and is used by other Microsoft products which if called by a multi-threaded application under very specific, and fairly rare, circumstances, a synchronization error in the filter could allow a single buffer of plaintext to be transmitted back to the data's owner.
A vulnerability exists in the SSL ISAPI filter that ships with Microsoft® Internet Information Server and is used by other Microsoft products which if called by a multi-threaded application under very specific, and fairly rare, circumstances, a synchronization error in the filter could allow a single buffer of plaintext to be transmitted back to the data's owner.
Domain Resolution and FTP Download Vulnerabilities
Two security vulnerabilities exist in Microsoft® Internet Information Server (IIS) 4.0 and Microsoft Commercial Internet System (MCIS) 2.5 that allow security restrictions in IIS and MCIS to be bypassed under certain conditions.
Two security vulnerabilities exist in Microsoft® Internet Information Server (IIS) 4.0 and Microsoft Commercial Internet System (MCIS) 2.5 that allow security restrictions in IIS and MCIS to be bypassed under certain conditions.
Malformed HTTP Request Header Vulnerability
A vulnerability exists in web server products that use Microsoft® Internet Information Server 4.0 as their web engine. If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server.
A vulnerability exists in web server products that use Microsoft® Internet Information Server 4.0 as their web engine. If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server.
Double Byte Code Page Vulnerability
A vulnerability exists in Microsoft® Internet Information Server that could allow a web site visitor to view the source code for selected files on the server, if the server's default language is set to Chinese, Japanese or Korean.
A vulnerability exists in Microsoft® Internet Information Server that could allow a web site visitor to view the source code for selected files on the server, if the server's default language is set to Chinese, Japanese or Korean.
Malformed HTR Request Vulnerability
A vulnerability exists in Microsoft® Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
A vulnerability exists in Microsoft® Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
File Viewers Vulnerability
A vulnerability exists that occurs in some file viewers included in Microsoft® Internet Information Server and Site Server that could allow a web site visitor to view, but not to change, files on the server, provided that they knew or guessed the name of each file and had access rights to it based on Windows NT ACLs.
A vulnerability exists that occurs in some file viewers included in Microsoft® Internet Information Server and Site Server that could allow a web site visitor to view, but not to change, files on the server, provided that they knew or guessed the name of each file and had access rights to it based on Windows NT ACLs.
IIS Malformed FTP List Request Vulnerability
A buffer overflow exists in a component that processes "list" commands in the Internet Information Server FTP service. This vulnerability could allow denial of service attacks against the server or, under certain conditions, could allow arbitrary code to be executed on the server.
A buffer overflow exists in a component that processes "list" commands in the Internet Information Server FTP service. This vulnerability could allow denial of service attacks against the server or, under certain conditions, could allow arbitrary code to be executed on the server.
IIS HTTP GET Vulnerability
A vulnerability exists in the HTTP GET method of Microsoft® Internet Information Server® that could allow denial-of-service attacks to be mounted against web servers.
A vulnerability exists in the HTTP GET method of Microsoft® Internet Information Server® that could allow denial-of-service attacks to be mounted against web servers.
Potential FTP Passive Connections Denial-of-Service in IIS
In certain situations using multiple passive FTP connections may cause errors, problems with system performance, as well as possible denial of service situations for both the FTP service and the WWW service running on a computer running IIS.
In certain situations using multiple passive FTP connections may cause errors, problems with system performance, as well as possible denial of service situations for both the FTP service and the WWW service running on a computer running IIS.
Unauthorized ODBC Data Access with RDS and IIS
Remote Data Service (RDS) is a component of Microsoft® Data Access Components (MDAC). The RDS DataFactory (a single component of RDS) allows implicit remoting of data access requests by default, it can be exploited to allow unauthorized Internet clients to access OLE database (DB) datasources available to the server
Remote Data Service (RDS) is a component of Microsoft® Data Access Components (MDAC). The RDS DataFactory (a single component of RDS) allows implicit remoting of data access requests by default, it can be exploited to allow unauthorized Internet clients to access OLE database (DB) datasources available to the server
File Access Issue with Internet Information Server
Web clients that connect to Windows NT IIS can read the contents of any Windows NT Server's NT File System (NTFS) file in an IIS v-root directory to which they have been granted "read access".
Web clients that connect to Windows NT IIS can read the contents of any Windows NT Server's NT File System (NTFS) file in an IIS v-root directory to which they have been granted "read access".
"The Error Message Vulnerability" Against Secured Internet Servers
A vulnerability that affects properly implemented versions of the Secure Socket Layer (SSL) protocol.
A vulnerability that affects properly implemented versions of the Secure Socket Layer (SSL) protocol.
 |
 |
|
More Guides » | Registry Guide | Support Forums | Software Guide | Scripting Guide | Search |  | |
