MS00-006_MALFORMED_HIGHLIGHT_ARG_EXPLOIT
Data de publicação: 04 fevereiro 2011
Schweregrad: : Crítico
Data do informe: 04 fevereiro 2011
Descrição
Microsoft ISAPI Index Server contains a vulnerability wherein a remote attacker can access random files outside of the Web path. The affected file webhits.dll library is not properly validated user input. By Creating a specially crafted request to a script, it would be possible to read random files on the system.
Exposição das informações
Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10172 or later.
Download the latest NVW pattern file from the following site:
http://www.trendmicro.com/download/product.asp?productid=45
Software infectado e versão:
- Microsoft Index Server 2.0
- Indexing Service in Windows 2000