GEN:SID | 1:1595 |
Message | WEB-IIS htimage.exe access |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with FrontPage Server Extension software.
|
Impact | Remote access. This attack may permit exeuction of arbitrary commands on the vulnerable server.
|
Detailed Information | Microsoft FrontPage 97 and 98 Server Extensions are shipped with htimage.exe and imagemap.exe files that provide image-mapping support on the server for legacy browsers. There is a vulnerability associated with the htimage.exe file because of unchecked buffers that may permit execution of arbitrary code on the vulnerable server.
|
Affected Systems | Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4
|
Attack Scenarios | An attacker can craft a special URL referencing the htimage.exe file that causes a buffer overflow, allowing execution of arbitrary commands on the vulnerable server.
|
Ease of Attack | Simple.
|
Corrective Action | Remove the htimage.exe and imagemap.exe files from the server.
|
Additional References | nessus http://cgi.nessus.org/plugins/dump.php3?id=10376
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0256 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0122
Bugtraq http://www.securityfocus.com/bid/1117
|
Rule References | bugtraq: 1117
bugtraq: 964
cve: 2000-0122
cve: 2000-0256
nessus: 10376
|