Microsoft IIS .HTR Filter Multiple Overflows (MS02-028)

high Nessus Plugin ID 11028

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The remote server is vulnerable to a buffer overflow in the .HTR filter.

An attacker may use this flaw to execute arbitrary code on this host (although the exploitation of this flaw is considered difficult).

Solution

To unmap the .HTR extension:
1.Open Internet Services Manager 2.Right-click the Web server choose Properties from the context menu 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration 5.Remove the reference to .htr from the list

See Microsoft bulletin MS02-028 for a patch.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-028

Plugin Details

Severity: High

ID: 11028

File Name: iis_htr_overflow.nasl

Version: 1.43

Type: remote

Family: Web Servers

Published: 6/13/2002

Updated: 5/28/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/10/2002

Exploitable With

Metasploit (MS02-018 Microsoft IIS 4.0 .HTR Path Overflow)

Reference Information

CVE: CVE-2002-0071, CVE-2002-0364

BID: 4855, 5003

MSFT: MS02-028

MSKB: 321599