1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Microsoft Windows IIS IPP Service Integer Overflow Vulnerability

Report ID: SA32248
Source: Secunia
Date of Discovery: 14.10.2008
Criticality: Urgent
Affects:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.

Detailed Description

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error within the IPP (Internet Printing Protocol) ISAPI extension for IIS when processing specially crafted IPP responses. This can be exploited to execute arbitrary code by tricking an affected web server into connecting to a malicious IPP server via a specially crafted HTTP "POST" request.

Successful exploitation requires that IPP is enabled in IIS.

Solution

Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=8163d1f6-feb5-4f39-8134-3ed42326b822

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8-4e14-95a3-3eeaec55b784

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=3ae4b913-bff0-4974-b198-828ca10d2a87

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c-48c8-9348-0d6fda48aa21

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568-449d-ac97-fbf3f97b98ef

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=748f54f1-40b9-407c-9819-909061b53743

Windows Vista and Windows Vista SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B5995DF-A3B8-4E81-B118-9BB057E19884

Windows Vista x64 Edition and Windows Vista x64 Edition SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E-456A-B934-400AE18248EE

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3d6290d8-1745-4bc0-9ca9-eeb1ad0be4a5

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a33c833c-d5c5-4e37-8f89-7b9079f92e59

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=31783e88-76e2-4bc6-b4ae-308443c6d223

CVE Reference

CVE-2008-1446