Reported February 19, 2002, by Next Generation Security Software, LTD.

 

VERSIONS AFFECTED

 

  • NetWin WebNEWS for Windows 2000 and Windows NT 4.0

 

DESCRIPTION

A buffer overrun vulnerability exists in NetWin’s WebNEWS for Windows 2000 and NT 4.0 that could allow a potential attacker to execute code under the same security context that IIS is running under (Typically IUSR_MACHINENAME). By sending an overly long string of 1500 bytes or more supplied in the group parameter of the query string when the server receives a valid "utoken", it is possible to trigger this condition. A more detailed explanation is available in the discoverer’s advisory.

 

 

VENDOR RESPONSE

 

NetWin has released a new version that fixes this vulnerability.

 

CREDIT


Discovered by Mark Litchfield.