Oval Definition:
oval:org.mitre.oval:def:2204
Revision Date
:
2008-03-24
Version
:
22
Title
:
IIS4.0 Redirect Function Buffer Overflow
Description
:
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2004-0205
Platform(s)
:
Microsoft Windows NT
Product(s)
:
Microsoft Internet Information Server (IIS)
Definition Synopsis
Software section
Microsoft Windows NT is installed
AND
IIS 4.0 Major Version
AND
IIS minor version equals 0
AND
NOT
the patch q841373 is installed (Hotfix key)
AND
the version of w3svc.dll is less than 4.2.788.1
AND
Configuration section
Permanent redirects enabled
AND
NOT
MaxClientRequestBufferData less than or equal to 16384
BACK