Oval Definition:	oval:org.mitre.oval:def:29
Revision Date: 2011-05-16 Version: 20 Title: Windows 2000 IIS Heap Overrun in HTR Chunked Encoding Description: Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2002-0364 Platform(s): Microsoft Windows 2000 Product(s): Microsoft Internet Information Server (IIS) Definition Synopsis Software section IIS major version equals 5 AND IIS minor version equals 0 AND File %windir%\system32\inetsrv\ism.dll version is less than 5.0.2195.5671 AND NOT Patch Q321599 Installed AND NOT Patch Q327696 Installed AND NOT Patch Q811114 Installed AND NOT Win2K/XP/2003 service pack 3 (or later) is installed AND Configuration section ism.dll mapping exists
BACK