Biting the hand that feeds IT
Biting the hand that feeds IT
Software:
|
|
News ToolsReg Shops |
The Register » Software » ![[Print]](/Design/graphics/icons/pf.png "Printer-friendly version"){kind=icon} ![[Mobile]](/Design/graphics/icons/regmob.png "Read The Reg on your mobile phone"){kind=icon} ![[Alerts]](/Design/graphics/icons/alerts.png "Reg Desktop News Alerts"){kind=icon}
IIS buffer-overrun attack has been scriptedNo skillz? No worriezPublished Friday 6th July 2001 07:42 GMT A Japanese computer enthusiast named 'HighSpeed Junkie' has developed an attack script for a recently-identified unchecked buffer in the Microsoft IIS (Internet Information Services) Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder. At issue is IDQ.DLL, a component of Index Server (or 'Indexing Service' in W2K) which supports administrative scripts (.IDA files) and Internet Data Queries (.IDQ files). The library is installed by default on all IIS versions and implementations. The service need not be running for an attacker to exploit the vulnerability. So long as script mapping for .IDQ or .IDA files is present and an attacker can establish a Web session, the exploit will work. The vulnerability was first reported by eEye Security on 18 June. The attack script was released on 21 June, and posted to the Win2KSecAdvice mailing list on 27 June. Patches are available for NT and 2K, except for W2K Datacenter Server, whose users need to bug their OEMs. The hole will be bunged in Win-XP before it and its Raw Socket Terror are unleashed upon the public. ® Related LinksThe relevant MS security bulletin
Track this type of story as a custom Atom/RSS feed or by email.
|
Developer HeadlinesThe UK's latest developer news from MSDN
|
Top 20 stories • All The Week’s Headlines • Archive • Search
Post to Slashdot
Digg this
Add to del.icio.us
Reddit
Previous Article
