By Pia Heikkila, 14 June 2002 11:50
NEWS Microsoft has warned users of its IIS server software of another raft of vulnerabilities. The flaw could allow hackers to control websites, steal information or launch a denial-of-service (DOS) attack. The versions affected by the buffer overflow flaw are IIS 4 and 5 which are running on the millennium edition and NT4. Buffer overflow flaws occur when software cannot handle multiple identical repeat commands. These cause the code to crash, and allow a malicious hacker to execute arbitrary code. The vulnerability was uncovered by US security consultant Riley Hassell at eEye Digital Security. Worried MS customers can find the patch here http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below