漏洞类别:Web server漏洞等级: 
漏洞信息
Web printing is activated! If you have already applied the appropriate patches to Microsoft IIS, then you can safely ignore this vulnerability.
Internet Printing Protocol (IPP) enables remote users to submit various print related jobs over the Internet via the HTTP protocol (.print). An unchecked buffer exists in the Internet printing ISAPI extension in Windows 2000 that handles user requests (C:\WINNT\System32\msw3prt.dll). IPP is dependant on msw3prt.dll for functionality.
A host running Windows 2000 with IIS Version 5.0 is susceptible to the execution of arbitrary code via an unchecked buffer in msw3prt.dll. If an HTTP .print request containing approximately 420 bytes in the 'Host:' field is sent to the target, then IIS will experience a buffer overflow and allow the execution of arbitrary code.
Unfortunately, the Internet printing ISAPI extension runs in the LOCAL SYSTEM context; therefore, an unauthorized remote user can specify arbitrary code to be run at SYSTEM privileges.
漏洞危害
Typically, a Web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive Web server, it automatically performs a restart. Therefore, the administrator will not be aware of this attack.
Successful exploitation of this vulnerability could lead to a complete compromise of the target host.
解决方案
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS01-023: Microsoft Windows 2000 Professional, Windows 2000 Server and Windows 2000 Advanced Server
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1000389: Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
Virtual Patch #1000611: IIS 5.0 Printer Buffer Overflow (MSF)
漏洞类别:Web server漏洞等级:
漏洞信息
Web printing is activated! If you have already applied the appropriate patches to Microsoft IIS, then you can safely ignore this vulnerability.
Internet Printing Protocol (IPP) enables remote users to submit various print related jobs over the Internet via the HTTP protocol (.print). An unchecked buffer exists in the Internet printing ISAPI extension in Windows 2000 that handles user requests (C:\WINNT\System32\msw3prt.dll). IPP is dependant on msw3prt.dll for functionality.
A host running Windows 2000 with IIS Version 5.0 is susceptible to the execution of arbitrary code via an unchecked buffer in msw3prt.dll. If an HTTP .print request containing approximately 420 bytes in the 'Host:' field is sent to the target, then IIS will experience a buffer overflow and allow the execution of arbitrary code.
Unfortunately, the Internet printing ISAPI extension runs in the LOCAL SYSTEM context; therefore, an unauthorized remote user can specify arbitrary code to be run at SYSTEM privileges.
漏洞危害
Typically, a Web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive Web server, it automatically performs a restart. Therefore, the administrator will not be aware of this attack.
Successful exploitation of this vulnerability could lead to a complete compromise of the target host.
解决方案
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS01-023: Microsoft Windows 2000 Professional, Windows 2000 Server and Windows 2000 Advanced Server
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1000389: Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability
Virtual Patch #1000611: IIS 5.0 Printer Buffer Overflow (MSF)
0day
文章评论