Buffer Overflow in Microsoft Web Component
Reported April 14, 2000 by rain.forrest.puppy and CORE SDI
The affected item, dvwssr.dll, is a server-side component used to support the Link View feature in Visual InterDev 1.0. The component contains a buffer overflow condition, which, if overrun with random data, could crash the server and may even allow arbitrary code to run on the server under the context of the all-powerful System account.
According to Gerardo Richarte of CORE-SDI, the code where the buffer overflow resides is as follows:
In addition to the overflow condition, Microsoft's bulletin indicates a potential permissions problem: "By default, the affected component, Dvwssr.dll, resides in a folder whose permissions only allow web authors to execute it. Under these conditions, only a person with web author privileges could exploit the vulnerability - but a web author already has the ability to upload and execute code of his choice, so this case represents little additional threat. However, if the permissions on the folder were set inappropriately, or the .dll were copied to a folder with lower permissions, it could be possible for other users to execute the component and exploit the vulnerability."
A simple PERL script can cause the crash:
Microsoft has issued a security bulletin (MS00-025) that recommends that users delete all copies of the dvwssr.dll file on their Web systems. Doing so will break the Link View functionality of Visual InterDev; however, since that package is so old, Microsoft feels that only a few users still use the older development platform and, therefore, only a few users will be affected by deleting the file. Be sure to read Support Online article Q259799.
To delete the file, use the "Find | Files or Folders" utility on the Start Menu to search all directories on your Web server file systems for "dvwssr.dll." The utility will locate all copies of the affected DLL. Once the search is complete, right-click on each instance of the file in the dialog and select Delete to remove the file from your system. Be sure to empty the Recycle Bin after you have deleted the files. This way no one can inadvertently restore those files back onto the system.
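The same search-and-delete procedure can be scripted on a current Windows server. The following PowerShell is an added example, not part of the original advisory or of Microsoft's bulletin; the parameter names `Root` and `Delete` are assumptions chosen for illustration. It lists every copy of dvwssr.dll, shows which accounts are allowed to execute files in each containing folder (the permissions concern the bulletin raises), and removes the copies only when asked to.

```powershell
# Added example: audit and removal of dvwssr.dll following the MS00-025 advice.
# Run from an elevated prompt so that protected directories can be read.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: scan every local fixed disk unless specific roots are given.
    [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                       ForEach-Object { $_.DeviceID + '\' }),
    # Without -Delete the script only reports what it finds.
    [switch]$Delete
)

$execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

# Locate every copy, including hidden and system files (-Force).
$copies = foreach ($r in $Root) {
    Get-ChildItem -LiteralPath $r -Filter 'dvwssr.dll' -File -Recurse -Force `
        -ErrorAction SilentlyContinue
}

foreach ($file in $copies) {
    # Collect the identities with an Allow entry that includes execute rights
    # on the containing folder. Entries stored as raw generic rights are not
    # decoded here, so treat an empty list as "check by hand", not as "safe".
    $acl = Get-Acl -LiteralPath $file.DirectoryName
    $who = $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $execute) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Path          = $file.FullName
        LastWriteTime = $file.LastWriteTime
        CanExecute    = $who -join '; '
    }

    if ($Delete -and $PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        # Remove-Item deletes the file directly; nothing is sent to the
        # Recycle Bin, so there is no copy left to restore by accident.
        Remove-Item -LiteralPath $file.FullName -Force
    }
}
```

Run it once without `-Delete` to review the report, then again with `-Delete -WhatIf` to confirm the exact files that would be removed before deleting them.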
Discovered and reported by rain.forrest.puppy and CORE-SDI