Related information Multiple bugs in Microsoft Internet Information Server [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability [A3SC] MS IIS out of process privilege elevation vulnerability(A3C R@K-Vul-2002-06-002) Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002) Microsoft Security Bulletin MS02-062: Cumulative Patch for Internet Information Service (Q327696) From:Dave Aitel <daitel_(at)_atstake.com> Date:11.04.2002Subject:SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net)At long last, SPIKE is once again allowed to be public. This is the fuzzer creation kit I wrote that finds the .HTR and ISAPI overflow vulnerabilities discussed here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulle tin/MS02-018.asp and here: http://www.atstake.com/research/advisories (The Microsoft advisory currently misattributes this vulnerability to Chris Wysopal instead of me :<.) Anyways, the new SPIKE is available (in source code form only) from spike.sourceforge.net, as is the rather extensive Changelog. It's pretty useful for generic web app auditing as well now. Yes, SPIKE is still GPL. Dave Aitel
Multiple bugs in Microsoft Internet Information Server
[SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
[A3SC] MS IIS out of process privilege elevation vulnerability(A3C R@K-Vul-2002-06-002)
Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Microsoft Security Bulletin MS02-062: Cumulative Patch for Internet Information Service (Q327696)
