F-Secure
Tools
Microsoft Windows IIS IPP Service Integer Overflow Vulnerability
| Report ID: | SA32248 |
| Source: | Secunia |
| Date of Discovery: | 14.10.2008 |
| Criticality: | Urgent |
| Affects: | Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows XP Home Edition Microsoft Windows XP Professional |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.
Detailed Description
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an integer overflow error within the IPP (Internet Printing Protocol) ISAPI extension for IIS when processing specially crafted IPP responses. This can be exploited to execute arbitrary code by tricking an affected web server into connecting to a malicious IPP server via a specially crafted HTTP "POST" request.
Successful exploitation requires that IPP is enabled in IIS.
The vulnerability is caused due to an integer overflow error within the IPP (Internet Printing Protocol) ISAPI extension for IIS when processing specially crafted IPP responses. This can be exploited to execute arbitrary code by tricking an affected web server into connecting to a malicious IPP server via a specially crafted HTTP "POST" request.
Successful exploitation requires that IPP is enabled in IIS.
Solution
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=8163d1f6-feb5-4f39-8134-3ed42326b822
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8-4e14-95a3-3eeaec55b784
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=3ae4b913-bff0-4974-b198-828ca10d2a87
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c-48c8-9348-0d6fda48aa21
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568-449d-ac97-fbf3f97b98ef
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=748f54f1-40b9-407c-9819-909061b53743
Windows Vista and Windows Vista SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B5995DF-A3B8-4E81-B118-9BB057E19884
Windows Vista x64 Edition and Windows Vista x64 Edition SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E-456A-B934-400AE18248EE
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3d6290d8-1745-4bc0-9ca9-eeb1ad0be4a5
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a33c833c-d5c5-4e37-8f89-7b9079f92e59
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=31783e88-76e2-4bc6-b4ae-308443c6d223
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=8163d1f6-feb5-4f39-8134-3ed42326b822
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8-4e14-95a3-3eeaec55b784
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=3ae4b913-bff0-4974-b198-828ca10d2a87
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c-48c8-9348-0d6fda48aa21
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568-449d-ac97-fbf3f97b98ef
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=748f54f1-40b9-407c-9819-909061b53743
Windows Vista and Windows Vista SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B5995DF-A3B8-4E81-B118-9BB057E19884
Windows Vista x64 Edition and Windows Vista x64 Edition SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E-456A-B934-400AE18248EE
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3d6290d8-1745-4bc0-9ca9-eeb1ad0be4a5
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a33c833c-d5c5-4e37-8f89-7b9079f92e59
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=31783e88-76e2-4bc6-b4ae-308443c6d223
CVE Reference
CVE-2008-1446