|
|
1999-06-15 A remote attack that will succeed against most Microsoft IIS4 web servers, pre SP5.
- eEye Advisory-The original advisory on this issue.
- eEye Exploit-Exploit code that will compromise a server.
- Microsoft Security Bulletin (MS99-019)-Microsoft has released a workaround that eliminates a vulnerability in Microsoft® Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
CERT: CA-99-07-IIS-Buffer-Overflow-A buffer overflow vulnerability affecting Microsoft Internet Information Server 4.0 has been discovered in the ISM.DLL library. According to Microsoft, ISM.DLL is the "filter DLL that processes .HTR files. HTR files enable remote administration of user passwords." - DataFellows: IISHACK-Once a machine has been compromised with the IISHACK from eEye, the virus scanner will remove it.
|
|
