*This one appears not to be needed if IIS is not installed or disabled, and it's not installed by default. Also, the ASP Services can be disabled if it's not needed it shows up under "Services". (It's disabled on mine). -Clint
TITLE: Microsoft Internet Information Services ASP Code Buffer Overflow SECUNIA ADVISORY ID: SA21006 VERIFY ADVISORY: http://secunia.com/advisories/21006/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Information Services (IIS) 5.x http://secunia.com/product/39/ Microsoft Internet Information Services (IIS) 6 http://secunia.com/product/1438/ DESCRIPTION: A vulnerability has been reported in Microsoft Internet Information Services, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the handling of ASP code. This can be exploited by placing and executing maliciously crafted ASP code. Successful exploitation requires access to upload ASP code to a web folder. SOLUTION: Apply patches. Microsoft Windows 2000 (requires SP4): http://www.microsoft.com/downloads/details.aspx?FamilyId=c917d6da-da2d-402c-a870-1de3cbd21ebf Microsoft Windows XP Professional (requires SP1 or SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=55d3ca3a-97fc-4e22-8ecc-9416ebc993c4 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=4e19b792-7505-4453-b460-5a16915443db Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=c5e274a8-f962-4944-8878-6b88b1592bbf Microsoft Windows Server 2003 (Itanium) (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=e2dc245e-d0f3-41b9-b090-68a2118001cb Microsoft Windows Server 2003 x64 Edition family: http://www.microsoft.com/downloads/details.aspx?FamilyId=f29c886d-b896-4fcf-a22b-2c1a53b1a9eb *ORIGINAL ADVISORY: MS06-034 (KB917537): http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
