• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability

A buffer overflow in the HTR ISAPI extension has been reported for Microsoft IIS (Internet Information Services).

This condition affects IIS 4.0, IIS 5.0 and may be effectively mitigated by disabling the extension.

Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host.

A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.