Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows NT 4.0

DESCRIPTION
A vulnerability exists in Microsoft Internet Information Server (IIS) 4.0 that could result in arbitrary remote code execution and remote compromise of the vulnerable system. This vulnerability is a result of a buffer overflow condition in the redirect function.

VENDOR RESPONSE
Microsoft has released bulletin MS04-021, "Security Update for IIS 4.0 (841373)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Microsoft.