Reported April 16, 2001, by Microsoft.
· Microsoft Internet Security and Acceleration (ISA) Server 2000
When using Web publishing to bridge HTTP traffic to a Web server, a malicious attacker can use an invalid Web request containing a certain malformed argument to cause an access violation in the Web proxy service, denying service for legitimate traffic. Microsoft disables this service by default.
Discovered by Dr. Richard Reiner, Graham Wiseman, Matthew Siemens, and Kent Nicolson of SecureXpert Labs, a division of FSC Internet Corporation.