GEN:SID 1:1618
Message WEB-IIS .asp chunked Transfer-Encoding
Summary This event is generated when an attempt is made to exploit a buffer overflow associated with chunked encoding processing of Active Server Pages (ASP) in Internet Information Services (IIS).
Impact Remote Access.  If the exploit is successful, an attacker can gain remote access of the target host.
Detailed Information A buffer overflow exists with chunked encoding processing associated with ASP in IIS.  Chunked encoding allows different sized chunks of data to be passed from the web client to the server.  A heap overflow vulnerability exists because of an error in chunked encoding data transfer associated with the Internet Services Application Programming Interface (ISAPI) extension that implements ASP.
Affected Systems Microsoft IIS 4.0
  Cisco Building Broadband Service Manager 5.0
  Cisco Call Manager 1.0, 2.0, 3.0
  Cisco ICS 7750
  Cisco IP/VC 3540
  Cisco Unity Server 2.0, 2.2, 2.3, 2.4
  Cisco uOne 1.0, 2.0, 3.0, 4.0
  Microsoft BackOffice 4.0, 4.5
  Microsoft Windows NT 4.0 Option Pack

Microsoft IIS 5.0
  Microsoft Windows 2000 Advanced Server, SP1, SP2
  Microsoft Windows 2000 Datacenter Server SP1, SP2
  Microsoft Windows 2000 Professional, SP1, SP2
  Microsoft Windows 2000 Server, SP1, SP2
Attack Scenarios An attacker can craft a chunked encoded request to exploit the heap overflow.
Ease of Attack Easy.  Exploit code is freely available.
Corrective Action Apply the cumulative patch Q319733.

Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079

Bugtraq
http://www.securityfocus.com/bid/4485

Microsoft
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp
Rule References bugtraq: 4474
bugtraq: 4485
cve: 2002-0071
cve: 2002-0079
nessus: 10932