Info

Disclosure

Jul 11, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 11, 2006

Description

A remote overflow exists in Windows. Internet Information Services (IIS) fails to validate Active Server Pages (ASP) files resulting in a buffer overflow. With a specially crafted ASP file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	2000 SP4
		XP SP1
		XP SP2
		XP Professional x64 Edition
	Windows Server	2003
		2003 SP1
		2003 for Itanium
		2003 SP1 for Itanium
		2003 x64 Edition

References

Security Tracker: 1016466
Bugtraq ID: 18858
CVE ID: 2006-0026 (see also: NVD)
Milw0rm: 2056
Exploit Database: 2056
Secunia Advisory ID: 21006
SCIP VulDB ID: 2368
ISS X-Force ID: 26796
CERT VU: 395588
Microsoft Knowledge Base Article: 917537
VUPEN Advisory: ADV-2006-2752
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html
News Article: http://news.com.com/Microsoft+irons+out+security+patch/2100-1002_3-6096179.html
Microsoft Security Bulletin: MS06-034

Credit

Brett Moore - brett.mooresecurity-assessment.com - Security Assessment

Direct URL: http://osvdb.org/27152

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

Windows Server

References

Credit