VULHUB ™

A buffer overflow related to the processing of requested filenames that are to be included in file includes in ASP scripts has been reported for Microsoft IIS (Internet Information Services). A condition exists that may allow for an existing bounds check on potentially user-supplied input to be bypassed, resulting in a potential buffer overflow. This condition affects IIS 4.0, IIS 5.0 and IIS 5.1. Exploitation requires that the attacker can influence when and how the file is included. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.

A buffer overflow related to the processing of requested filenames that are to be included in file includes in ASP scripts has been reported for Microsoft IIS (Internet Information Services). A condition exists that may allow for an existing bounds check on potentially user-supplied input to be bypassed, resulting in a potential buffer overflow. This condition affects IIS 4.0, IIS 5.0 and IIS 5.1. Exploitation requires that the attacker can influence when and how the file is included. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.