Intrusion Prevention



This indicates a buffer overflow vulnerability in the processing of files with extensions .HTR, .STM and .IDC in Microsoft Internet Information Server (IIS).

Due to a buffer checking error, an attacker can send a malformed request to crash an IIS. An attacker can also send a specially-crafted message to a target system and execute arbitrary code on it.

Affected Products

Microsoft Internet Information Server version 4.0


Attackers can execute arbitrary code on infected machine and cause Denial-of-Service

Recommended Actions

Apply patch at or upgrade the system to the latest non-vulnerable version

Other References