The Computer Emergency Response Team (CERT/CC) on Monday issued an advisory for a buffer overflow vulnerability in Microsoft IIS 5.0 running on Microsoft Windows 2000, warning sysadmins that an exploit is already circulating.
Microsoft issued a "critical" rating on the flaw and issued a patch while warning that the vulnerability may allow a remote attacker to run arbitrary code on an infected machine.
"An exploit is publicly available for this vulnerability, which increases the urgency that system administrators apply a patch," the Center warned. IIS 5.0 is installed and running by default on Microsoft Windows 2000 server products.
CERT/CC said the unchecked buffer was detected in a Windows component of the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol, which is supported by Windows 2000. An attacker could send a specially formed HTTP request to a machine running IIS, causing the server to fail or to execute code of the attacker's choice.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
WebDAV uses IIS to pass requests to and from Windows 2000. Microsoft explained that when IIS receives a WebDAV request, it typically processes the request and then acts on it. However, if the request is formed in a particular way, a buffer overrun can result because one of the Windows components called by WebDAV does not correctly check parameters.