Signature Detail
Short Name |
HTTP:IIS:FPCOUNT-OVERFLOW |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IIS 4.0 fpcount.exe Buffer Overflow |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IIS 4.0 fpcount.exe Buffer Overflow
This signature detects attempts to exploit a known vulnerability against fpcount.exe in Microsoft IIS 4.0. Attackers can overflow the fpcount.exe buffer and execute arbitrary commands with system privileges.
Extended Description
fpcount.exe is a site visit counter included with the Internet Information Server version 4.0. IIS 4.0 is part of the Microsoft Windows NT 4.0 Operating System, distributed and maintained by the Microsoft Corporation. A vulnerability in the package could allow a user to execute arbitrary code on a running server. The problem lies in a buffer overflow in the fpcount.exe binary. It is possible to exploit the buffer overflow in fpcount.exe remotely, thus overwriting stack variables, including the return address. This design flaw makes it possible for a user with malicious motives to execute arbitrary code, and potentially gain access and possibly administrative privileges to a remote system.
Affected Products
- Microsoft IIS 4.0
References