GEN:SID | 1:2927 |
Message | NNTP XPAT pattern overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft implementation of the Network News Transport Protocol (NNTP) for Internet Information Server (IIS).
|
Impact | Execution of arbitrary code on the affected system
|
Detailed Information | The Microsoft implementation of NNTP for IIS contains a programming error in the processing of user supplied input that may present an attacker with multiple opportunites to execute code of their choosing on an affected system.
|
Affected Systems | . Microsoft Windows NT Server 4.0 NNTP component . Microsoft Windows 2000 Server NNTP component . Microsoft Windows Server 2003 NNTP Component . Microsoft Windows Server 2003 64-Bit Edition NNTP Component
|
Attack Scenarios | An attacker must supply specially crafted input to a vulnerable system to cause the overflow to occur.
|
Ease of Attack | Moderate. Example code exists.
|
Corrective Action | Apply the appropriate vendor supplied patches
Upgrade to the latest non-affected version of the software
|
Additional References | CORE Technologies: http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
|
Rule References | url: www.microsoft.com/technet/security/bulletin/MS04-036.mspx
cve: 2004-0574
|