Juniper Networks

Signature Detail

  • Short Name: HTTP:IIS:MFC-EXT-OF
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: HTTP
  • Keywords: IIS
  • Release Date: 2003/04/22
  • Update Number: 1213
  • Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IIS MFC ISAPI Framework Overflow (via ext.dll)


This signature detects attempts to exploit a known vulnerability in Microsoft IIS. A maliciously crafted HTTP request can trigger a buffer overflow condition in mfc42.dll by way of ext.dll. Attackers can gain local access to an IIS server.

Extended Description

The Microsoft Foundation Class Library (MFC) is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to build applications that extend web server functionality. Reportedly, a possible vulnerability exists in some versions of this class. It may be possible to cause a buffer overflow condition in software compiled with vulnerable versions of the library. Exploitation details will vary across different products compiled against the vulnerable library. This issue may be related to misleading Content-Length headers contained in an HTTP POST request. This vulnerability was originally believed to be an issue with the Working Resources BadBlue web server. In this case, exploitation has been demonstrated to result in a denial of service condition.

Affected Products

  • Microsoft Foundation Class Library 7.0
  • Working Resources Inc. BadBlue Enterprise Edition 1.7.3
  • Working Resources Inc. BadBlue Personal Edition 1.7.3

References

  • BugTraq: 5188
  • URL: http://www.security.nnov.ru/search/document.asp?docid=3214
  • URL: http://online.securityfocus.com/archive/1/282026
  • URL: http://online.securityfocus.com/archive/1/282057
