Rapid7 Vulnerability & Exploit Database

IIS 4.0 fpcount.exe Buffer Overflow Vulnerability

Back to Search

IIS 4.0 fpcount.exe Buffer Overflow Vulnerability

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/14/1999
Created
07/25/2018
Added
11/01/2004
Modified
05/16/2013

Description

fpcount.exe is a site visit counter included with Internet Information Server version 4.0 if FrontPage Server Extensions are also installed. Furthermore, upgrading from IIS 4 to IIS 5 does not overwrite the vulnerable file with the updated version, so it is possible for the exploit to be carried out on IIS 5 servers.

A vulnerability in the package could allow a user to execute arbitrary code on a running server. The problem lies in a buffer overflow in the fpcount.exe binary. It is possible to exploit the buffer overflow in fpcount.exe remotely, thus overwriting stack variables, including the return address. This design flaw makes it possible for a user with malicious motives to execute arbitrary code, and potentially gain access and possibly administrative privileges to a remote system.

This vulnerability has also been known to restart the IIS services.

Solution(s)

  • http-iis-0047

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;