MS06-034 - unchecked IIS buffer vulnerability in ASP files processing
This patch fixes what seems to be a buffer overflow in IIS. This buffer overflow can be exploited when IIS is processing ASP files.
In other words, in order to exploit this vulnerability, an attacker has to somehow be able to upload ASP files on the target server, which is running IIS (versions 5.0, 5.1 and 6.0 are affected). Normally, you would require a user to authenticate before they can upload files to the server, so the vulnerability is rated moderate/important.
In case that you do allow people to upload ASP files on your IIS server, it would be wise to apply the patch as soon as possible, although we don't know about any public exploits yet.
Microsoft's advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx.
CVE at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026.
In other words, in order to exploit this vulnerability, an attacker has to somehow be able to upload ASP files on the target server, which is running IIS (versions 5.0, 5.1 and 6.0 are affected). Normally, you would require a user to authenticate before they can upload files to the server, so the vulnerability is rated moderate/important.
In case that you do allow people to upload ASP files on your IIS server, it would be wise to apply the patch as soon as possible, although we don't know about any public exploits yet.
Microsoft's advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx.
CVE at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026.
Keywords:
0 comment(s)
My next class:
| Web App Penetration Testing and Ethical Hacking | Amsterdam | Mar 31st - Apr 5th 2025 |
×
![modal content]()
Diary Archives
Comments