Reported May 1, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Windows 2000 Server

  • Microsoft Windows 2000 Advanced Server

  • Microsoft Windows 2000 Datacenter Server

  • Microsoft Internet Information Services 5.0

DESCRIPTION

A buffer overflow exists in Internet Information Services (IIS) 5.0 that could let an attacker run code of their choosing under the system’s security context. The vulnerability stems from an unchecked buffer in the Internet Server API (ISAPI) .printer extension (C:\WINNT\System32\msw3prt.dll), which handles the input parameters that support the Internet Printing Protocol (IPP). The overflow occurs when a user sends approximately 420 bytes in the HTTP Host: header of a .printer ISAPI request. See eEye Digital Security for a more detailed advisory.
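
A defensive check for the request pattern described above, as an added example that is not part of the original advisory and is not Microsoft's or eEye's code: it parses raw HTTP request heads and flags .printer requests that carry an oversized Host header. The 260-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Assumption: a DNS name is at most 253 bytes, so a Host value (name plus
# optional ":port") well beyond that is anomalous. The advisory places the
# overflow at approximately 420 bytes.
MAX_HOST_LEN = 260

def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # header names are case-insensitive; keep repeated headers
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return parts[0], parts[1], headers

def targets_printer_isapi(target: bytes) -> bool:
    """True if the path (query stripped, percent-decoded) ends in .printer."""
    path = unquote_to_bytes(target.split(b"?", 1)[0])
    return path.lower().endswith(b".printer")

def check_request(raw: bytes):
    """Return a list of findings for one request; empty means nothing flagged."""
    try:
        _, target, headers = parse_request(raw)
    except ValueError:
        return ["malformed request line"]
    if not targets_printer_isapi(target):
        return []
    findings = []
    for host in headers.get(b"host", []):
        if len(host) > MAX_HOST_LEN:
            findings.append(f"oversized Host header ({len(host)} bytes) on .printer request")
        if any(b < 0x21 or b > 0x7E for b in host):
            findings.append("non-printable bytes in Host header on .printer request")
    return findings

# Constructed sample requests (not captured traffic).
BENIGN = b"GET /printers/office.printer HTTP/1.1\r\nHost: print.example.com\r\n\r\n"
OVERSIZED = b"GET /x.printer HTTP/1.0\r\nhOsT: " + b"A" * 420 + b"\r\n\r\n"
OTHER = b"GET /index.html HTTP/1.1\r\nHost: " + b"A" * 420 + b"\r\n\r\n"
```

On a server where the .printer mapping has been removed, the same check still identifies probing for the extension in captured traffic.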

VENDOR RESPONSE

Microsoft has issued security bulletin MS01-023 to address this vulnerability and has also issued a hotfix that fixes the unchecked buffer in the ISAPI extension that handles the input parameters. Users who are unable to apply this hotfix should remove the mapping for the Internet printing ISAPI extension. Microsoft’s Secure Internet Information Services 5 Checklist provides more information on this procedure.

CREDIT

Discovered by Riley Hassell and Ryan Permeh of eEye Digital Security.