HTTP: IIS 4.0 fpcount.exe Buffer Overflow

This signature detects attempts to exploit a known vulnerability against fpcount.exe in Microsoft IIS 4.0. Attackers can overflow the fpcount.exe buffer and execute arbitrary commands with system privileges.

Extended Description

fpcount.exe is a site visit counter included with the Internet Information Server version 4.0. IIS 4.0 is part of the Microsoft Windows NT 4.0 Operating System, distributed and maintained by the Microsoft Corporation. A vulnerability in the package could allow a user to execute arbitrary code on a running server. The problem lies in a buffer overflow in the fpcount.exe binary. It is possible to exploit the buffer overflow in fpcount.exe remotely, thus overwriting stack variables, including the return address. This design flaw makes it possible for a user with malicious motives to execute arbitrary code, and potentially gain access and possibly administrative privileges to a remote system.

Short Name
HTTP:IIS:FPCOUNT-OVERFLOW
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
4.0 Buffer CVE-1999-1376 IIS Overflow bid:2252 fpcount.exe
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
CVSS Score

10.0

Found a potential security threat?