Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1595 |
Message | WEB-IIS htimage.exe access |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with FrontPage Server Extension software. |
Impact | Remote access. This attack may permit exeuction of arbitrary commands on the vulnerable server. |
Detailed Information | Microsoft FrontPage 97 and 98 Server Extensions are shipped with htimage.exe and imagemap.exe files that provide image-mapping support on the server for legacy browsers. There is a vulnerability associated with the htimage.exe file because of unchecked buffers that may permit execution of arbitrary code on the vulnerable server. |
Affected Systems | Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4 |
Attack Scenarios | An attacker can craft a special URL referencing the htimage.exe file that causes a buffer overflow, allowing execution of arbitrary commands on the vulnerable server. |
Ease of Attack | Simple. |
Corrective Action | Remove the htimage.exe and imagemap.exe files from the server. |
Additional References | nessus http://cgi.nessus.org/plugins/dump.php3?id=10376 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0256 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0122 Bugtraq http://www.securityfocus.com/bid/1117 |
Rule References | bugtraq: 1117 bugtraq: 964 cve: 2000-0122 cve: 2000-0256 nessus: 10376 |
--
DID:129239
--
http://www.aanval.com/