IIS servers can be manipulated to execute arbitrary code remotely via an overflow in HTR requests

Risk Level: High

Check or Attack Name: IIS HTR Overflow

Platforms: IIS: 4.0

Description:

Internet Information Server 4.0 performs various kinds of server-side processing depending on the requested file type. A vulnerability exists in the way that .HTR, .STM, and .IDC files are processed. Requests for files ending with these file name extensions are passed to the appropriate external DLL for processing. These DLLs contain unchecked buffers, so a sufficiently long request can overflow them and crash the IIS service. The vulnerability has also been demonstrated to allow remote execution of arbitrary code, and exploits have been made widely available.
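Added example, not part of the X-Force record or of Microsoft's fix: a small Python detector that flags HTTP request lines for the three file types named above whose file name is far longer than any legitimate name, which is the pattern a log reviewer or IDS signature for this issue keys on. The 255-character threshold and the sample request lines are assumptions (the record gives no exact buffer size).

```python
import re
from urllib.parse import unquote, urlsplit

# The three extensions the description says IIS 4.0 hands to external DLLs.
RISKY_EXTENSIONS = (".htr", ".stm", ".idc")

# Assumed threshold: the record gives no exact size, so treat any file name
# longer than an ordinary path component as a candidate overflow attempt.
MAX_FILENAME_LENGTH = 255

# "METHOD target HTTP/x.y" request line, as seen in a capture or access log
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")


def classify_request(line):
    """Return a finding dict for a request that targets a risky extension
    with an oversized file name, or None for anything else."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return None  # not a request line; out of scope for this check
    path = urlsplit(m.group("target")).path  # drop ?query before measuring
    # Decode %XX escapes so a padded name cannot hide behind URL encoding.
    filename = unquote(path.rsplit("/", 1)[-1])
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if ext not in RISKY_EXTENSIONS:
        return None
    if len(filename) <= MAX_FILENAME_LENGTH:
        return None
    return {"method": m.group("method"), "ext": ext, "length": len(filename)}


def scan_log(lines):
    """Apply classify_request to every line and return the findings."""
    return [f for f in map(classify_request, lines) if f]


# Constructed sample traffic (not taken from the advisory or any real log):
SAMPLE_LINES = [
    "GET /default.htm HTTP/1.0",                        # benign file type
    "GET /scripts/iisadmin/ism.dll?http/dir HTTP/1.0",  # benign file type
    "GET /samples/query.idc?name=x HTTP/1.0",           # risky type, short name
    "GET /" + "A" * 3000 + ".htr HTTP/1.0",             # oversized .htr name
    "GET /" + "%41" * 1000 + ".stm HTTP/1.0",           # oversized, URL-encoded
    "GET /" + "B" * 400 + ".HTR HTTP/1.1",              # oversized, mixed case
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LINES):
        print(finding)
```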

Remedy:

Apply the Internet Information Server 4.0 ext-fix update.

Internet Information Server 4.0 users, apply the ext-fix update:

  1. Open a web browser.
  2. Go to ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/ext-fix/.
  3. View the readme.txt for versions and install instructions.
  4. Download the appropriate patch for your operating environment.
  5. Find the patch file you downloaded to your computer.
  6. Double-click its icon to start the installation.
  7. Follow the installation directions.

References:

eEye Digital Security Team Alert AD06081999, Retina vs. IIS4, Round 2, http://www.eeye.com/database/advisories/ad06081999/ad06081999.html

Microsoft Security Bulletin MS99-019, Workaround Available for "Malformed HTR Request" Vulnerability, http://www.microsoft.com/security/bulletins/ms99-019.asp

CIAC Information Bulletin J-048, J-048: Malformed HTR Request Vulnerability, http://ciac.llnl.gov/ciac/bulletins/j-048.shtml

Microsoft Knowledge Base Article Q234905, An Improperly Formatted HTTP Request Can Cause The Inetinfo Process To Fail, http://support.microsoft.com/support/kb/articles/q234/9/05.asp

CERT Advisory CA-99-07, IIS Buffer Overflow, http://www.cert.org/advisories/CA-99-07-IIS-Buffer-Overflow.html

