Vulnerabilities > CVE-2004-0205 - Remote Buffer Overflow vulnerability in Microsoft IIS 4 Redirect
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Hardware | 2 | |
OS | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-021.NASL |
description | The remote host has a version of IIS 4.0 that could allow an attacker to take the control of the remote web server and execute arbitrary commands on the remote host with the SYSTEM privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13639 |
published | 2004-07-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13639 |
title | MS04-021: IIS Redirection Vulnerability (credentialed check) (841373) |
code |
|
Oval
accepted | 2008-03-24T04:00:23.139-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:2204 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2004-07-13T12:00:00.000-04:00 | ||||||||||||||||||||
title | IIS4.0 Redirect Function Buffer Overflow | ||||||||||||||||||||
version | 40 |
References
- http://secunia.com/advisories/12061
- http://www.ciac.org/ciac/bulletins/o-179.shtml
- http://www.kb.cert.org/vuls/id/717748
- http://www.osvdb.org/7799
- http://www.securityfocus.com/bid/10706
- http://www.us-cert.gov/cas/techalerts/TA04-196A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16578
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2204