---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Information Services ASP Code Buffer Overflow SECUNIA ADVISORY ID: SA21006 VERIFY ADVISORY: http://secunia.com/advisories/21006/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Information Services (IIS) 5.x http://secunia.com/product/39/ Microsoft Internet Information Services (IIS) 6 http://secunia.com/product/1438/ DESCRIPTION: A vulnerability has been reported in Microsoft Internet Information Services, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the handling of ASP code. This can be exploited by placing and executing maliciously crafted ASP code. Successful exploitation requires access to upload ASP code to a web folder. SOLUTION: Apply patches. Microsoft Windows 2000 (requires SP4): http://www.microsoft.com/downloads/details.aspx?FamilyId=c917d6da-da2d-402c-a870-1de3cbd21ebf Microsoft Windows XP Professional (requires SP1 or SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=55d3ca3a-97fc-4e22-8ecc-9416ebc993c4 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=4e19b792-7505-4453-b460-5a16915443db Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=c5e274a8-f962-4944-8878-6b88b1592bbf Microsoft Windows Server 2003 (Itanium) (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=e2dc245e-d0f3-41b9-b090-68a2118001cb Microsoft Windows Server 2003 x64 Edition family: http://www.microsoft.com/downloads/details.aspx?FamilyId=f29c886d-b896-4fcf-a22b-2c1a53b1a9eb PROVIDED AND/OR DISCOVERED BY: The vendor credits Brett Moore of Security-Assessment. ORIGINAL ADVISORY: MS06-034 (KB917537): http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------