Integer Overflow Vulnerability in Microsoft IIS Internet Printing Protocol
CVE-2008-1446

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 15 October 2008

Summary

An integer overflow in the Internet Printing Protocol (IPP) ISAPI extension within Microsoft Internet Information Services (IIS) 5.0 through 7.0 can be exploited by remote authenticated users. By crafting a malicious HTTP POST request, an attacker can trigger an outbound IPP connection, potentially allowing arbitrary code execution on the server. This vulnerability affects various Windows platforms, including Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008. Users and administrators are advised to apply the latest security updates to mitigate this risk.

References

http://www.vupen.com/english/advisories/2008/2813

vdb-entryx_refsource_VUPEN

http://www.kb.cert.org/vuls/id/793233

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=bugtraq&m=122479227205998&w=2

vendor-advisoryx_refsource_HP

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 15, 2008
Vulnerability Reserved
Mar 21, 2008