Macromedia.ISAPI.GET.Buffer.Overflow
Description
This indicates a possible exploit of a heap-based buffer overflow vulnerability in the IIS ISAPI handler in Macromedia ColdFusion 6.0 and Macromedia JRun 4.0.
This vulnerability may allow an attacker to execute arbitrary code on Microsoft IIS web servers running vulnerable versions of Macromedia ColdFusion or JRun. It is caused by the IIS ISAPI handler's failure to bounds-check the HTTP GET requests that are passed to it. To exploit this vulnerability in JRun, an attacker may send specially crafted HTTP GET requests with a long .cfm file name; in ColdFusion, a long .jsp file name is sent. If the file name is longer than 4096 bytes, a buffer overrun occurs, which leads to arbitrary code execution.
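The length condition described above can be checked against logged HTTP request lines. The following Python sketch is an added example, not part of the original advisory or of any vendor signature. It assumes the "file name" is the last path segment measured after percent-decoding, and the sample request lines are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Threshold from the description: a file name over 4096 bytes overruns the buffer.
MAX_NAME_BYTES = 4096
EXTENSIONS = (b".cfm", b".jsp")

# Request line of a GET, e.g. "GET /app/page.cfm?id=1 HTTP/1.1"
REQUEST_LINE = re.compile(r"^GET\s+(\S+)(?:\s+HTTP/\d\.\d)?\s*$")


def oversized_name_length(request_line):
    """Return the file-name length in bytes if the request is flagged, else None."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return None
    path = m.group(1).split("?", 1)[0]  # drop the query string
    # Assumption: measure the last path segment after decoding %XX escapes,
    # so an encoded name is counted at its decoded size.
    name = unquote_to_bytes(path).rsplit(b"/", 1)[-1]
    if name.lower().endswith(EXTENSIONS) and len(name) > MAX_NAME_BYTES:
        return len(name)
    return None


def scan(request_lines):
    """Return (line_number, name_length) for every flagged request line."""
    hits = []
    for number, line in enumerate(request_lines, 1):
        length = oversized_name_length(line.strip())
        if length is not None:
            hits.append((number, length))
    return hits


# Constructed sample request lines (not taken from real traffic).
SAMPLE_REQUESTS = [
    "GET /index.cfm HTTP/1.1",                      # normal request
    "GET /app/" + "A" * 5000 + ".jsp HTTP/1.1",     # 5004-byte name: flagged
    "GET /" + "%41" * 4093 + ".cfm?id=1 HTTP/1.0",  # decodes to 4097 bytes: flagged
    "GET /" + "B" * 4092 + ".cfm HTTP/1.1",         # exactly 4096 bytes: not over
    "GET /" + "C" * 5000 + ".html HTTP/1.1",        # long, but not .cfm/.jsp
    "POST /" + "D" * 5000 + ".cfm HTTP/1.1",        # not a GET request
]

if __name__ == "__main__":
    for number, length in scan(SAMPLE_REQUESTS):
        print(f"line {number}: {length}-byte .cfm/.jsp file name in GET request")
```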
Affected Products
Macromedia JRun 4.0 and earlier versions, and Macromedia ColdFusion MX 6.0
Impact
Compromise of the affected system.
Recommended Actions
For ColdFusion, apply the patch from the following web site:
For JRun, apply the patch from the following web site:
Coverage
IPS (Regular DB)
IPS (Extended DB)