CERT Coordination Center

Microsoft Internet Information Services vulnerable to remote code execution via specially crafted ASP file

Vulnerability Note VU#395588

Original Release Date: 2006-07-11 | Last Revised: 2006-07-19

Overview

Microsoft Internet Information Services (IIS) contains a buffer overflow vulnerability. This may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

Description

IIS

IIS is a web server that comes with Microsoft Windows.

ASP

ASP (Active Server Pages) is a technology for creating dynamic web sites. IIS includes the ability to serve ASP content.

The problem

IIS contains a buffer overflow in the handling of specially crafted ASP pages.

Impact

A remote, authenticated attacker may be able to run arbitrary code on a vulnerable system. This code would run with the privileges of IWAM_<machinename> on a system with IIS 5.0 and 5.1, and it would run with NetworkService privileges on a system with IIS 6.0.

Solution

Apply an update

This vulnerability is addressed by the updates provided by MS06-034.

Acknowledgements

Thanks to Microsoft for reporting this vulnerability. Microsoft, in turn, credits Brett Moore of Security-Assessment.com.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2006-0026
Severity Metric: 19.43
Date Public: 2006-07-11
Date First Published: 2006-07-11
Date Last Updated: 2006-07-19 12:28 UTC
Document Revision: 8

Sponsored by CISA.