Reported October 12, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows Server 2003
  • Windows XP Service Pack 1 (SP1) and earlier
  • Windows 2000

DESCRIPTION
A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XML Message Handler could result in a denial of service (DoS) condition on the vulnerable system. An attacker could exploit this vulnerability by sending a specially crafted WebDAV request to a server that's running Microsoft IIS and WebDAV. The request could cause WebDAV to consume all available memory and CPU time on the affected server. The IIS service would have to be restarted to restore functionality.

VENDOR RESPONSE
Microsoft has released bulletin MS04-030, "Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Amit Klein and Sanctum.