Reported March 17, 2003, by Microsoft.
· Microsoft Windows 2000
A new vulnerability in Windows 2000 can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in a component that Web Distributed Authoring and Versioning (WebDAV) uses. An attacker can exploit this vulnerability by sending a specially formed HTTP request to a machine running Microsoft Internet Information Server (IIS). The request can cause the server to fail or execute code of the attacker’s choice.
Microsoft has released Security Bulletin MS03-007, “Unchecked Buffer In Windows Component Could Cause Web Server Compromise” (815021), to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
Discovered by Microsoft.