HTTP: Microsoft Phone Book Service Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Information Services (IIS) Phone Book Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user. This is typically an IUSR or IWAM user with limited privileges.
Extended Description
The Phone Book Service is an optional component that ships with the NT 4 Option Pack and Windows 2000. It is not installed by default. A buffer overflow vulnerability was discovered in the URL processing routines of the Phone Book Service requests on IIS 4 and IIS 5. If exploited, this vulnerability allows an attacker to execute arbitrary code and obtain a remote command shell with those privileges of the IUSR_machinename account (IIS 4) or the IWAM_machinename account (IIS 5).
Affected Products
Microsoft windows_2000_advanced_server
Short Name
HTTP:IIS:PBSERVER-PARAM-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Book Buffer CVE-2000-1089 Microsoft Overflow Phone Service bid:2048
Release Date
05/27/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0