HTTP: IIS .Htr Overflow Attempt
This signature detects attempts to exploit a known vulnerability against Microsoft IIS 4.0 and 5.0. Attackers can send maliciously crafted HTR requests (.htr) with long variable names to overflow the buffer in the ism.dll ISAPI extension that implements HTR scripting. A successful attack can create a denial of service or allows the attacker to execute arbitrary commands.
Extended Description
A buffer overflow in the HTR ISAPI extension has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0, IIS 5.0 and may be effectively mitigated by disabling the extension. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.
Affected Products
Microsoft iis
Short Name
HTTP:IIS:HTR-OF-2
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
.Htr Attempt CA-2002-09 CVE-2002-0071 IIS Overflow bid:4474
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
Microsoft
CVSS Score
7.5