Reported March 17, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Windows 2000

 

 

DESCRIPTION

 

A new vulnerability in Windows 2000 can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in a component that Web Distributed Authoring and Versioning (WebDAV) uses. An attacker can exploit this vulnerability by sending a specially formed HTTP request to a machine running Microsoft Internet Information Server (IIS). The request can cause the server to fail or execute code of the attacker’s choice.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-007, “Unchecked Buffer In Windows Component Could Cause Web Server Compromise” (815021), to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT          

Discovered by Microsoft.