IIS can be remotely crashed by excessively long client requests

Risk Level: Medium

Check or Attack Name: IIS CGI Overflow

Platforms: IIS: 2.0, IIS: 3.0

Description:

Microsoft Internet Information Server (IIS) 2.0 and 3.0 contain a vulnerability that crashes the server when it receives a very large client request. The oversized data can be embedded in many parts of a request, such as headers and CGI requests, and must be between 4 KB and 8 KB long, a size that never occurs in normal HTTP traffic.
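Because requests of this size do not occur in normal traffic, their presence is a usable detection signal. The following check is an added example, not part of the original advisory or any vendor tool: it measures each element of a captured request head against the 4 KB to 8 KB window. The function name, the choice of elements to measure, and the sample requests are assumptions constructed for illustration.

```python
# Added example: flag request elements whose length falls in the 4 KB - 8 KB
# window named in the advisory. Which elements to measure is an assumption.
LOW, HIGH = 4 * 1024, 8 * 1024


def oversized_elements(raw: bytes):
    """Return [(element_name, length)] for parts of the request head in [LOW, HIGH]."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # ignore any body
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) >= 2:
        # Request line: METHOD SP URI SP VERSION; CGI input rides in the query string.
        path, _, query = parts[1].partition(b"?")
        elements = [("uri-path", path), ("query-string", query)]
    else:
        elements = [("request-line", lines[0])]
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            label = "header:" + name.decode("latin-1").strip().lower()
            elements.append((label, value.strip()))
        else:
            elements.append(("malformed-header", line))
    elements.append(("request-head", head))      # total size of request line + headers
    return [(n, len(d)) for n, d in elements if LOW <= len(d) <= HIGH]


# Constructed sample requests (not captured traffic).
NORMAL = (b"GET /scripts/search.exe?q=iis HTTP/1.0\r\n"
          b"Host: www.example.com\r\nUser-Agent: test\r\n\r\n")
LONG_QUERY = (b"GET /scripts/search.exe?" + b"A" * 5000 + b" HTTP/1.0\r\n"
              b"Host: www.example.com\r\n\r\n")
LONG_HEADER = (b"GET / HTTP/1.0\r\nHost: www.example.com\r\n"
               b"X-Pad: " + b"B" * 6000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("long query", LONG_QUERY),
                       ("long header", LONG_HEADER)]:
        print(label, oversized_elements(req))
```
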

Remedy:

This vulnerability was corrected in post-SP3 hotfixes and in Service Pack 4.

Apply the latest Windows NT 4.0 Service Pack.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

Windows NT 4.0 Service Pack 3 (SP3) users must apply the post-SP3 iis-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/iis-fix/.

References:

Microsoft Knowledge Base Article Q143484, IIS Services Stop with Large Client Requests, http://support.microsoft.com/support/kb/articles/q143/4/84.asp

Microsoft Knowledge Base Article Q143484, Internet Information Server Services Stop w/ Large CGI Request, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/iis-fix/Q143484.txt

