Vulnerable Web Server (ISAPI)
Impact
During 2001 and 2002, there have been many confirmed reports of buffer
overflow vulnerabilities in Microsoft's Internet Information Server IIS).
Due to an unchecked buffer in an IIS (version 4,5,and 6) ASP programs,
a maliciously crafted web query could enable an intruder access to the IIS
Web server.
Background
One of the first overflow attacks (2001) involved Windows 2000/IIS 5.0 i
Internet printing ISAPI extension contains msw3prt.dll which handles user
requests. An unchecked buffer in msw3prt.dll, will allow
the execution of arbitrary code. Typically a web server would stop responding
in a buffer overflow condition; however, once Windows 2000 detects an
unresponsive web server it automatically performs a restart. Therefore,
the administrator will be unaware of this attack.
In April 2002, Microsoft announced a new series of vulnerabilities in IIS which
involve Advanced Server Pages (ASP). Specifically, two exploits were published
that involve attacks on null.htr and iisstart.asp.
Resolution