Vulnerability Note VU#952336
Microsoft Index Server/Indexing Service used by IIS 4.0/5.0 contains unchecked buffer used when encoding double-byte characters
A vulnerability exists in the Indexing services used by Microsoft IIS 4.0 and IIS 5.0 running on Windows NT, Windows 2000, and beta versions of Windows XP. Exploitations of this vulnerability allows a remote intruder to run arbitrary code on the victim machine.
There is a remotely exploitable buffer overflow in the ISAPI (Indexing Service Application Programming Interface) extension (IDQ.DLL) installed with most versions of IIS 4.0 and 5.0. This affects Windows NT 4.0, Windows 2000 (Server and Professional), Windows 2000 Datacenter OEM distributions, Indexing Server 2.0, and the Indexing Services on all Windows 2000 platforms; however, not all of these instances are vulnerable by default. The beta versions of Windows XP are vulnerable by default.
Remote intruders can execute arbitrary code with SYSTEM privileges in the Local System security context.
Apply patches for vulnerable Windows NT 4.0 and Windows 2000 systems:
All affected versions of IIS/Indexing Services can be protected against exploits of this vulnerbility by removing script mappings for for Internet Data Administration (.ida) and Internet Data Query (.idq) files. However, Microsoft makes no guarantees such mappings will not be recreated when installing other related software components.
Users of beta copies of Windows XP should upgrade to a newer version of the software when it becomes available.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||18 Jun 2001||16 Aug 2001|
CVSS Metrics (Learn More)
Our thanks to Microsoft Corporation and eEye Digital Security for contributing technical information about this vulnerability.
This document was written by Jeffrey S. Havrilla
- CVE IDs: CAN-2001-0500
- CERT Advisory: CA-2001-13
- Date Public: 18 Jun 2001
- Date First Published: 19 Jun 2001
- Date Last Updated: 16 Aug 2001
- Severity Metric: 69.30
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.