Rapid7 Vulnerability & Exploit Database

Microsoft IIS Chunked Transfer Encoding Heap Overflow

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 04/22/2002
Created: 07/25/2018
Added: 11/01/2004
Modified: 12/04/2013

Description

A buffer overrun vulnerability exists in the operation of the chunked encoding transfer mechanism via Active Server Pages in IIS 4.0 and 5.0. An attacker who exploited this vulnerability could overrun heap memory on the system, either causing the IIS service to fail or allowing code to be run on the server.

Microsoft discovered a variant of this vulnerability, which lies elsewhere within the ASP data transfer mechanism. It could be exploited in a similar manner to the preceding vulnerability and would have the same scope. However, it affects IIS 4.0, 5.0, and 5.1.

Solution(s)

  • http-iis-0061
