Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability

Microsoft IIS is prone to a remote code-execution vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to the complete compromise of affected computers.

This issue affects Microsoft IIS 5.1 running on Windows XP SP2.

Note: this issue was previously reported as a denial-of-service vulnerability. New information from the vendor states that code execution is possible.


 

Privacy Statement
Copyright 2010, SecurityFocus