Microsoft Internet Information Services (IIS) contains a buffer overflow vulnerability. This may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.
IIS is a web server that comes with Microsoft Windows.
A remote, authenticated attacker may be able to run arbitrary code on a vulnerable system. This code would run with the privileges of IWAM_<machinename> on a system with IIS 5.0 and 5.1, and it would run with NetworkService privileges on a system with IIS 6.0.
Apply an update
Thanks to Microsoft for reporting this vulnerability, who in turn credit Brett Moore of Security-Assessment.com.
This document was written by Will Dormann.
|Date First Published:||2006-07-11|
|Date Last Updated:||2006-07-19 12:28 UTC|