Reported June 18, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Service XP beta

DESCRIPTION
A vulnerability exists in Microsoft Index Server that can let an attacker execute code under the system security context and take any action on the server, including assuming full control of the server. This vulnerability stems from an unchecked buffer in the Index Server Internet Server API (ISAPI) extension idq.dll, which provides support for administration scripts. The buffer overrun condition occurs before any indexing is requested—therefore the server remains vulnerable even if the Index Service isn't running. If you have the script mappings for .ida and .idq extensions in place and users can establish Web sessions to the server, you have a vulnerable server.

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-033 for this vulnerability and recommends that users immediately apply the patch specified in the bulletin. The company further recommends that, if you're not using them, you remove the script mappings for .ida and .idq extensions under IIS, as mentioned in the security checklists for IIS 4.0 and IIS 5.0.
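
The script-mapping check described above, as an added example (not code from this advisory or from Microsoft's bulletin): a Python audit that takes ScriptMaps entries exported from the IIS metabase and separates the Index Server mappings to remove from the ones to keep. The `extension,handler,flags,verbs` entry layout, the sample paths and the function names are assumptions, and the sample entries are constructed.

```python
# Added example: audit IIS ScriptMaps entries for the Index Server mappings.
# Assumption: each entry is a string of the form "extension,handler,flags[,verbs...]".
RISKY_EXTENSIONS = {".ida", ".idq"}   # extensions named in the advisory
RISKY_HANDLER = "idq.dll"             # ISAPI extension named in the advisory

# Constructed sample input, not taken from a real server.
SAMPLE_SCRIPT_MAPS = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".ida,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".IDQ,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
    "malformed-entry",
]


def parse_entry(entry):
    """Return (extension, handler_path) for one entry, or None if malformed."""
    parts = [p.strip().strip('"') for p in entry.split(",")]
    if len(parts) < 2 or not parts[0].startswith(".") or not parts[1]:
        return None
    return parts[0].lower(), parts[1]


def audit_script_maps(entries):
    """Split entries into (keep, remove, malformed) lists.

    An entry is marked for removal if its extension is .ida or .idq
    (case-insensitive) or if any other extension is mapped to idq.dll.
    """
    keep, remove, malformed = [], [], []
    for entry in entries:
        parsed = parse_entry(entry)
        if parsed is None:
            malformed.append(entry)   # review by hand rather than guess
            continue
        ext, handler = parsed
        handler_file = handler.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if ext in RISKY_EXTENSIONS or handler_file == RISKY_HANDLER:
            remove.append(entry)
        else:
            keep.append(entry)
    return keep, remove, malformed


if __name__ == "__main__":
    keep, remove, malformed = audit_script_maps(SAMPLE_SCRIPT_MAPS)
    for entry in remove:
        print("REMOVE:", entry)
    for entry in malformed:
        print("CHECK MANUALLY:", entry)
```

An empty removal list only confirms that the mappings are gone; the patch from MS01-033 is still required.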

CREDIT
Discovered by Riley Hassell of eEye Digital Security.