Info

Disclosure

Apr 08, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

OVAL ID: 182 29
CVE ID: 2002-0364 (see also: NVD)
CERT VU: 313819
Microsoft Knowledge Base Article: 321599
Bugtraq ID: 4855
ISS X-Force ID: 9327
Keyword: aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
http://online.securityfocus.com/archive/1/276767
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/iis_htr_isapi
CIAC Advisory: m-089
Microsoft Security Bulletin: MS02-028

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/5316