Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running Microsoft IIS Webserver and is prone to stack based buffer overflow vulnerability.

Impact

Successful exploitation will let the remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-065.mspx

Insight

The flaw is due to a stack overflow error in the in the IIS worker process which can be exploited using a crafted POST request to hosted 'ASP' pages.

Affected

Microsoft Internet Information Services version 6.0

References

http://bug.zerobox.org/show-2780-1.html
http://www.exploit-db.com/exploits/15167/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-2730
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Lighttpd Multiple vulnerabilities
CERN httpd CGI name heap overflow
IIS Remote Command Execution
JBoss Application Server Multiple Vulnerabilities
nginx HTTP Request Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities