|
|
|
Vulnerability Note VU#655248
Microsoft Index Server contains buffer overflow
OverviewA buffer overflow exists in Microsoft Index Server 2.0, which may allow remote attackers to execute code with administrarive privileges.
I. DescriptionMicrosoft Index Server 2.0 is a tool for building an index of a web site to permit efficient searches. An intruder who can authenticate to the server and create a named pipe to it may be able to exploit a buffer overflow condition to execute code in the Local System Security Context. For more information, see Microsoft Security Bulletin MS01-025. II. ImpactIntruders may be able to execute arbitrary code in the Local System Security Context, i.e. with administrative privileges. III. SolutionApply a patch as described in MS01-025. Systems Affected
| Vendor | Status | Date Updated |
|---|
| Microsoft | Vulnerable | 21-May-2001 |
References
http://www.microsoft.com/technet/security/bulletin/MS01-025.asp
http://www.securityfocus.com/bid/2709
http://www.microsoft.com/ntserver/web/techdetails/default.asp
http://www.microsoft.com/ntserver/web/exec/feature/indser2.asp
Credit
Thanks to David Litchfield of @Stake, who originally reported this vulnerability, and Microsoft, for the information contained in their advisory.
This document was written by Shawn Hernan
Other Information
| Date Public | 05/10/2001 |
| Date First Published | 05/22/2001 12:08:29 AM |
| Date Last Updated | 06/25/2001 |
| CERT Advisory | |
| CVE Name | CAN-2001-0244 |
| Metric | 12.83 |
| Document Revision | 5 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
