Microsoft Security Advisory MS01-044 - Five new security vulnerabilities have been discovered in IIS 4.0 and 5.0. A buffer overrun vulnerability involving the code that performs server-side include (SSI) directives. An attacker with the ability to place content onto a server can include a malformed SSI directive that, when the content was processed, results in code of the attacker's choice running in Local System context. A privilege elevation vulnerability results because of a flaw in a table that IIS 5.0 uses. The vulnerability results in any file whose name matched that of a file on the list would run in-process. Three denial of service vulnerabilities have been discovered, one of which keeps IIS 5.0 from serving content until the admin removes the spurious entry from the File Type table for the site. A cumulative patch for IIS has been released which fixes these bugs and includes the functionality of all security patches released to date for IIS 5.0, and all patches released...
Microsoft Security Advisory MS01-044 - Five new security vulnerabilities have been discovered in IIS 4.0 and 5.0. A buffer overrun vulnerability involving the code that performs server-side include (SSI) directives. An attacker with the ability to place content onto a server can include a malformed SSI directive that, when the content was processed, results in code of the attacker's choice running in Local System context. A privilege elevation vulnerability results because of a flaw in a table that IIS 5.0 uses. The vulnerability results in any file whose name matched that of a file on the list would run in-process. Three denial of service vulnerabilities have been discovered, one of which keeps IIS 5.0 from serving content until the admin removes the spurious entry from the File Type table for the site. A cumulative patch for IIS has been released which fixes these bugs and includes the functionality of all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT(r) 4.0 Service Pack 5. Microsoft FAQ on these issues available here.
