Vulnerability Note VU#434137

Microsoft Content Management Server fails to properly process crafted HTTP requests

Overview

A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code.

I. Description

Microsoft Content Managment Server (CMS) contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests. According to Microsoft Security Bulletin MS07-018:

A remote code execution vulnerability results from the way that the Microsoft Content Management Server handles unexpected characters in an HTTP request.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.

III. Solution

Update

Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS07-018 for more details.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	17-Apr-2007

References

http://www.microsoft.com/technet/security/bulletin/ms07-018.mspx
http://secunia.com/advisories/24819/

Credit

This vulnerability was reported in Microsoft Security Bulletin MS07-018.

This document was written by Chris Taschner.

Other Information

Date Public:	2007-04-10
Date First Published:	2007-04-17
Date Last Updated:	2007-04-17
CERT Advisory:
CVE-ID(s):	CVE-2007-0938
NVD-ID(s):	CVE-2007-0938
US-CERT Technical Alerts:
Metric:	42.53
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader