A complete revision history can be found at the end of this file.
A variety of vulnerabilities exist in various versions of Microsoft
IIS. Some of these vulnerabilities may allow an intruder to execute
arbitrary code on vulnerable systems.
There are a variety of vulnerabilities in Microsoft IIS. Many of these
vulnerabilities are buffer overflows that could permit an intruder to
execute arbitrary code on vulnerable systems. Additional information about these vulnerabilities is available at
For many of the vulnerabilities, an intruder could execute arbitrary
code with privileges that vary according to which version of IIS is
running. In general, IIS 4.0 permits an intruder to execute code with
complete administrative privileges, while IIS 5.0 and 5.1 permit an
intruder to execute code with the privileges of the IWAM_computername
account.
Microsoft Corporation has released Microsoft Security Bulletin
MS02-018, which announces the availability of a cumulative patch to
address a variety of problems. We strongly encourage you to read this
bulletin and take the appropriate corrective measures. MS02-018 is
available at
In addition to applying the patch, or until it can be applied, we
recommend the following actions:
Our thanks to Microsoft Corporation for the information contained in
their advisory. Additionally, our thanks go to the various individuals and
organizations whom Microsoft identified as discovering the
vulnerabilities, including eEye Digital Security (http://www.eeye.com),
Serge Mister of Entrust, Inc. (http://www.entrust.com), Dave Aitel of
@Stake (http://www.atstake.com), Peter Grundl of KPMG, Joe Smith
(jsm1th@hotmail.com) and zenomorph (admin@cgisecurity.com) of
http://www.cgisecurity.com, Keigo Yamazaki of the LAC SNS Team
(http://www.lac.co.jp/security/), and Thor Larholm of Jubii A/S.
Author: Shawn V. Hernan
Systems Affected
Overview
I. Description
http://www.kb.cert.org/vuls/id/363715
CAN-2002-0071
Microsoft Internet Information Server (IIS) vulnerable to heap overflow during processing of crafted ".htr" request by "ISM.DLL" ISAPI filter

http://www.kb.cert.org/vuls/id/883091
CAN-2002-0074
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility

http://www.kb.cert.org/vuls/id/886699
CAN-2002-0148
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results

http://www.kb.cert.org/vuls/id/520707
CAN-2002-0075
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages

http://www.kb.cert.org/vuls/id/412203
CAN-2002-0073
Microsoft Internet Information Server (IIS) vulnerable to DoS via malformed FTP connection status request

http://www.kb.cert.org/vuls/id/454091
CAN-2002-0150
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields

http://www.kb.cert.org/vuls/id/721963
CAN-2002-0149
Microsoft Internet Information Server (IIS) buffer overflow in server-side includes (SSI) containing long invalid file name

http://www.kb.cert.org/vuls/id/521059
CAN-2002-0072
Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length

http://www.kb.cert.org/vuls/id/610291
CAN-2002-0079
Microsoft Internet Information Server (IIS) buffer overflow in chunked encoding transfer mechanism

http://www.kb.cert.org/vuls/id/669779
CAN-2002-0147
Microsoft Internet Information Server (IIS) buffer overflow in chunked encoding transfer mechanism

II. Impact
III. Solution
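An added example, not part of the advisory or of Microsoft's bulletin: a triage script that scans IIS W3C extended logs for two request patterns named in the vulnerability list, requests for ".htr" resources and unusually long URLs. The log lines are constructed, and the 2048-character threshold and the function names are assumptions made for illustration.

```python
# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = (
    "#Software: Microsoft Internet Information Services 5.0\n"
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\n"
    "2002-04-11 10:00:01 192.0.2.10 GET /default.asp - 200\n"
    "2002-04-11 10:00:07 192.0.2.44 GET /scripts/reset.HTR - 500\n"
    "2002-04-11 10:00:09 192.0.2.44 GET /" + "A" * 3000 + " - 414\n"
    "2002-04-11 10:00:12 192.0.2.10 GET /search.asp q=htr 200\n"
)

MAX_URL_LEN = 2048  # assumed triage threshold, not a value from the advisory


def parse_w3c(lines):
    """Yield one dict per request, using the column order from '#Fields:'."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the directive may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def triage(lines, max_url_len=MAX_URL_LEN):
    """Return (client, status, stem prefix, reasons) for requests to review."""
    findings = []
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        reasons = []
        # Match on the resource extension only, so "htr" in a query is ignored.
        if stem.lower().endswith(".htr"):
            reasons.append("htr-request")
        url_len = len(stem) + (0 if query == "-" else len(query) + 1)
        if url_len > max_url_len:
            reasons.append("oversized-url")
        if reasons:
            findings.append((rec.get("c-ip"), rec.get("sc-status"), stem[:40], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

Hits only show that such requests reached the server; whether a host is affected depends on its IIS version and patch level.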
This document is available from: http://www.cert.org/advisories/CA-2002-09.html