HTTP: IIS HTR/IDC/STM Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft IIS 4.0 ism.dll (for .htr, .stm, .idc file extensions). Attackers can create a malformed request for the vulnerable file extensions and cause a buffer overflow, which can lead to a denial-of-service condition or arbitrary code execution.

Extended Description

Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it. A stack buffer overflow vulnerability exists in several of these DLL's while handling .HTR, .STM or .IDC extensions.

References

BugTraq: 4474 307

CVE: CVE-2002-0071

URL: http://support.microsoft.com/default.aspx?scid=kb;[LN];234905 http://ciac.llnl.gov/ciac/bulletins/j-048.shtml http://www.cert.org/advisories/CA-1999-07.html http://www.eeye.com/html/research/advisories/AD19990608.html

Short Name

HTTP:IIS:HTR-OVERFLOW

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: IIS HTR/IDC/STM Buffer Overflow

Extended Description

References

Found a potential security threat?