MS.IIS.Privilege.Escalation.ASP.Upload
Description
This indicates an attempt to exploit a buffer overflow vulnerability in Microsoft Internet Information Services (IIS).
The application fails to properly validate user supplied input before copying it to an internal buffer. This vulnerability can only be exploited by an attacker who is able to upload specially crafted ASP pages to a vulnerable server. As a result it may be possible to execute arbitrary commands with the privileges of the web server and gain complete access to the server.
Affected Products
Microsoft Internet Information Services (IIS) 6.0
Microsoft Internet Information Services (IIS) 5.1
Microsoft Internet Information Services (IIS) 5.0
Impact
System compromise: execution of arbitrary code.
Recommended Actions
Microsoft has released critical update MS06-034 that fixes this vulnerability.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |