Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Information Services multiple security vulnerabilities
Published:16.09.2010
Source:
SecurityVulns ID:11145
Type:remote
Threat Level:
9/10
Description:Authentication bypass, buffer overflow, DoS.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability.")
 CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability.")
 CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) (16.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod