Follow:

Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148

Severity rating
Critical

Class/Type
Exploit

Discovered date
2002-04-10T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.



Impact

An attacker could exploit this vulnerability in either of two ways. By sending a series of requests that simply overran the buffer with random data, the attacker could cause the service to fail. However, by carefully selecting the data, it could be possible - although operationally difficult - to modify the operation of the IIS service to perform tasks of the attacker's choice.



Technical details (analysis)

The Redirect Response vulnerability could only be exploited if the user was running a browser other than Internet Explorer. IE does not actually render the text in the Redirect Response, but instead recognizes it by its response header and processes the redirect without displaying any text. The vulnerabilities could only be exploited if the attacker could entice another user into visiting a web page and clicking a link on it, or opening an HTML mail.



Affected software

Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148
Release Date: 2002-04-10T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

No work around