Microsoft IIS 4.0 Chunked Transfer Encoding Buffer Overflow Vulnerability

Due to unchecked buffer code that handles chunked encoding transfers, remote users are able to consume CPU cycles in Microsoft IIS until the program is rendered completely unstable and eventually crash. The remote user can request a POST or PUT command using chunked transfer encoding compromised of a large buffer without actually filling it. This can cause the server to hang indefinitely until the remote user cancels the session or until the IIS service is stopped and restarted.


 

Privacy Statement
Copyright 2010, SecurityFocus