Home page logo

isn logo Information Security News mailing list archives

IIS buffer-overrun attack has been scripted
From: InfoSec News <isn () c4i org>
Date: Mon, 9 Jul 2001 03:19:01 -0500 (CDT)


By Thomas C Greene in Washington
Posted: 06/07/2001 at 07:42 GMT

A Japanese computer enthusiast named 'HighSpeed Junkie' has developed
an attack script for a recently-identified unchecked buffer in the
Microsoft IIS (Internet Information Services) Indexing Service ISAPI
filter, which, if exploited, can yield system-level access to an

At issue is IDQ.DLL, a component of Index Server (or 'Indexing
Service' in W2K) which supports administrative scripts (.IDA files)
and Internet Data Queries (.IDQ files). The library is installed by
default on all IIS versions and implementations.

The service need not be running for an attacker to exploit the
vulnerability. So long as script mapping for .IDQ or .IDA files is
present and an attacker can establish a Web session, the exploit will

The vulnerability was first reported by eEye Security on 18 June. The
attack script was released on 21 June, and posted to the
Win2KSecAdvice mailing list on 27 June.

Patches are available for NT and 2K, except for W2K Datacenter Server,
whose users need to bug their OEMs. The hole will be bunged in Win-XP
before it and its Raw Socket Terror are unleashed upon the public.

ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 

  By Date           By Thread  

Current thread:
  • IIS buffer-overrun attack has been scripted InfoSec News (Jul 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]