Intrusion Prevention

WebDAV.NTDLL.DLL.Buffer.Overflow

Description


This indicates a buffer overflow vulnerability in Microsoft Internet Information Services (IIS) version 5.0 with WebDAV enabled.


IIS 5.0 supports the Distributed Authoring and Versioning (DAV) extensions of the HTTP protocol as defined in RFC 2518. By default, the entire Web space of IIS is capable of responding to WebDAV requests. Due to inadequate boundary checking, a remote attacker can cause a buffer overflow on a target system by sending it a specially crafted URL request.

Affected Products

Unprotected Windows 2000 or Windows NT 4.0 systems that have IIS 5 with WebDAV enabled are vulnerable to the attack.

Impact

The attacker can gain remote access to the victim system and execute arbitrary code on it.

Recommended Actions

Apply appropriate patches or upgrade the system to the latest non-vulnerable version.


Disable WebDAV unless absolutely required.
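
The recommendation to disable WebDAV depends on knowing whether anything legitimately uses it. The following is an added example, not part of the original advisory or any vendor tooling: it scans IIS W3C extended log lines for the RFC 2518 methods and for unusually long request URIs. The 2048-character threshold, the function name audit_w3c_log and the sample log lines are assumptions constructed for illustration.

```python
# Added example: audit IIS W3C extended logs for WebDAV usage and oversized URIs.
# Threshold and sample data are constructed assumptions, not values from the advisory.

# HTTP methods introduced by WebDAV (RFC 2518)
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
MAX_URI_LEN = 2048  # assumed site policy; tune to the longest legitimate URL you serve


def audit_w3c_log(lines, max_uri_len=MAX_URI_LEN):
    """Return (webdav_counts, oversized) for an iterable of W3C extended log lines."""
    fields, counts, oversized = [], {}, []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The #Fields directive defines column order and may change mid-file.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # no header seen yet, or a malformed/truncated record
        rec = dict(zip(fields, values))
        method = rec.get("cs-method", "").upper()
        uri = rec.get("cs-uri-stem", "")
        if method in WEBDAV_METHODS:
            counts[method] = counts.get(method, 0) + 1
        if len(uri) > max_uri_len:
            oversized.append({"client": rec.get("c-ip", "-"), "method": method,
                              "uri_len": len(uri), "status": rec.get("sc-status", "-")})
    return counts, oversized


# Constructed sample log (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2003-03-20 10:00:01 192.0.2.10 GET /default.htm 200",
    "2003-03-20 10:00:05 192.0.2.11 PROPFIND /docs/ 207",
    "2003-03-20 10:00:09 198.51.100.7 LOCK /" + "A" * 4000 + " 500",
]

if __name__ == "__main__":
    webdav_counts, long_requests = audit_w3c_log(SAMPLE_LOG)
    print("WebDAV methods seen:", webdav_counts)
    for hit in long_requests:
        print("Oversized URI:", hit)
```

If no WebDAV methods appear over a representative period of logs, nothing on the server depends on WebDAV and it can be disabled. A request that crashes the service may never be written to the log, so an empty result does not rule out attempts.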

CVE References

CVE-2003-0109
