Signature Detail

HTTP: IIS HTR/IDC/STM Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft IIS 4.0 ism.dll (for .htr, .stm, .idc file extensions). Attackers can create a malformed request for the vulnerable file extensions and cause a buffer overflow, which can lead to a denial-of-service condition or arbitrary code execution.

Extended Description

Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it. A stack buffer overflow vulnerability exists in several of these DLL's while handling .HTR, .STM or .IDC extensions.

Affected Products

• Microsoft IIS 4.0

References

• BugTraq: 4474
• BugTraq: 307
• CERT: CA-2002-09
• CERT: CA-1999-07
• CVE: CVE-1999-0874
• CVE: CVE-2002-0071
• URL: http://www.cert.org/advisories/CA-1999-07.html
• URL: http://support.microsoft.com/default.aspx?scid=kb;[LN];234905
• URL: http://ciac.llnl.gov/ciac/bulletins/j-048.shtml