Skip nav

Security Vulnerability Gives Attackers Full Control Over Any Web Server Running Microsoft Windows® NT 4.0, Windows 2000, or Windows XP with Internet Information Services (IIS)


(Aliso Viejo, CA.; Geneva Switzerland) – eEye Digital Security announces the discovery of a major security vulnerability in Microsoft’s (www.microsoft.com) IIS Web Server software. The vulnerability lies within the code that allows a Web server to interact with Microsoft Indexing Service functionality. The vulnerable Indexing Service ISAPI filter is installed by default on all versions of IIS. The problem lies in the fact that the .ida (Indexing Service) ISAPI filter does not perform proper "bounds checking" on user inputted buffers and therefore is susceptible to buffer overflow attacks.

Attackers that leverage the vulnerability can,...

Read full release