Another IIS Hole.
KRFinch at dstsystems.com
KRFinch at dstsystems.com
Thu Jun 13 14:49:00 CDT 2002
In case you hadn't heard:
"By sending a carefully crafted session, an attacker can overwrite a
section of the heap. Data structures in the overwritten heap can be
manipulated to move attacker-supplied data to attacker supplied memory
addresses, thereby altering the flow of execution into an attacker supplied
payload."
http://www.eeye.com/html/Research/Advisories/AD20020612.html
Lovely. Patch here:
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp
More information about the Kclug
mailing list