Test ID: 1.3.6.1.4.1.25623.1.0.11028
Category: Gain root remotely
Title: IIS .HTR overflow
Summary: NOSUMMARY
Description:

The remote server is vulnerable to a buffer overflow in the .HTR
filter.

An attacker may use this flaw to execute arbitrary code on
this host (although the exploitation of this flaw is considered
as being difficult).

Solution:
To unmap the .HTR extension:
1. Open Internet Services Manager.
2. Right-click the Web server and choose Properties from the context menu.
3. Master Properties
4. Select WWW Service -> Edit -> HomeDirectory -> Configuration
   and remove the reference to .htr from the list.

See MS bulletin MS02-028 for a patch

Risk factor : High

Cross-reference: BugTraq ID: 4855
BugTraq ID: 5003
Common Vulnerability Exposure (CVE) ID: CVE-2002-0364
http://www.securityfocus.com/bid/4855
Bugtraq: 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
http://marc.info/?l=bugtraq&m=102392069305962&w=2
Bugtraq: 20020613 VNA - .HTR HEAP OVERFLOW
http://online.securityfocus.com/archive/1/276767
CERT/CC vulnerability note: VU#313819
http://www.kb.cert.org/vuls/id/313819
Microsoft Security Bulletin: MS02-028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028
http://marc.info/?l=ntbugtraq&m=102392308608100&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
http://www.iss.net/security_center/static/9327.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0071
@stake Security Advisory: A041002-1
http://www.atstake.com/research/advisories/2002/a041002-1.txt
BugTraq ID: 4474
http://www.securityfocus.com/bid/4474
Bugtraq: 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
http://marc.info/?l=bugtraq&m=101854087828265&w=2
http://www.cert.org/advisories/CA-2002-09.html
CERT/CC vulnerability note: VU#363715
http://www.kb.cert.org/vuls/id/363715
Cisco Security Advisory: 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Microsoft Security Bulletin: MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
http://www.osvdb.org/3325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45
http://www.iss.net/security_center/static/8799.php
Copyright: This script is Copyright (C) 2002 Renaud Deraison

© 1998-2025 E-Soft Inc. All rights reserved.