IIS 4.0 fpcount.exe Buffer Overflow Vulnerability

fpcount.exe is a site visit counter included with Internet Information Server (IIS) version 4.0. IIS 4.0 is part of the Microsoft Windows NT 4.0 operating system, distributed and maintained by Microsoft Corporation.

A vulnerability in the package could allow a user to execute arbitrary code on a running server. The problem is a buffer overflow in the fpcount.exe binary. The overflow can be exploited remotely and overwrites stack variables, including the return address. This design flaw makes it possible for a malicious user to execute arbitrary code and potentially gain access to a remote system, possibly with administrative privileges.







 

Copyright 2009, SecurityFocus