Microsoft IIS ASP chunked encoding buffer overflow

Added: 11/10/2006
CVE: CVE-2002-0079
BID: 4485
OSVDB: 768

Background

Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type.

Problem

A buffer overflow in the ASP ISAPI filter allows remote attackers to execute arbitrary commands by sending chunked encoded form data in a POST request for an ASP page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 02-018.

References

http://www.kb.cert.org/vuls/id/610291
http://archives.neohapsis.com/archives/bugtraq/2002-04/0116.html

Limitations

Exploit works on IIS 5.0.

Platforms

Windows

Back to exploit index