Intrusion Prevention

MS.IIS.HTR.IDC.STM.File.Extension.Buffer.Overflow

Description

This indicates a buffer overflow vulnerability in the processing of files with extensions .HTR, .STM and .IDC in Microsoft Internet Information Server (IIS).


Due to a buffer checking error, an attacker can send a malformed request to crash an IIS. An attacker can also send a specially-crafted message to a target system and execute arbitrary code on it.

Affected Products

Microsoft Internet Information Server version 4.0

Impact

Attackers can execute arbitrary code on infected machine and cause Denial-of-Service

Recommended Actions

Apply patch at http://www.microsoft.com/technet/security/bulletin/ms99-019.mspx or upgrade the system to the latest non-vulnerable version