Microsoft IIS 5.0 printer ISAPI extension buffer overflow

Added: 02/08/2006
CVE: CVE-2001-0241
BID: 2674
OSVDB: 3323

Background

Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type.

Problem

The ISAPI extension which handles requests for file names ending in .printer is affected by a buffer overflow which could allow remote attackers to execute arbitrary commands.

Resolution

Install Windows 2000 Service Pack 2.

References

http://www.microsoft.com/technet/security/bulletin/ms01-023.mspx
http://archives.neohapsis.com/archives/bugtraq/2001-05/0006.html

Platforms

Windows

Back to exploit index