Vulnerability Note VU#395588

Microsoft Internet Information Services vulnerable to remote code execution via specially crafted ASP file

Overview

Microsoft Internet Information Services (IIS) contains a buffer overflow vulnerability. This may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

IIS

IIS is a web server that comes with Microsoft Windows.

ASP

ASP (Active Server Pages) is a technology for creating dynamic web sites. IIS includes the ability to serve ASP content.

The problem

IIS contains a buffer overflow in the handling of specially crafted ASP pages.

II. Impact

A remote, authenticated attacker may be able to run arbitrary code on a vulnerable system. This code would run with the privileges of IWAM_<machinename> on a system with IIS 5.0 and 5.1, and it would run with NetworkService privileges on a system with IIS 6.0.

III. Solution

Apply an update

This vulnerability is addressed by the updates provided by MS06-034.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	11-Jul-2006

References

http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx

Credit

Thanks to Microsoft for reporting this vulnerability, who in turn credit Brett Moore of Security-Assessment.com.

This document was written by Will Dormann.

Other Information

Date Public	07/11/2006
Date First Published	07/11/2006 04:22:51 PM
Date Last Updated	07/19/2006
CERT Advisory
CVE Name	CVE-2006-0026
US-CERT Technical Alerts
Metric	19.42
Document Revision	5

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader