Microsoft Security Bulletin MS04-021

 

Un débordement de pile présent dans le traitement des redirections HTTP permet à un utilisateur mal intentionné, via une adresse réticulaire (URL) malicieusement construite, d'exécuter du code arbitraire ou de réaliser un déni de service sur la plate-forme vulnérable.

Who should read this document: Customers who use Microsoft® Windows® NT® 4.0

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should install the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

Non-Affected Software:

•	Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
•	Microsoft Windows XP and Microsoft Windows XP Service Pack 1
•	Microsoft Windows XP 64-Bit Edition Service Pack 1
•	Microsoft Windows XP 64-Bit Edition Version 2003
•	Microsoft Windows Server™ 2003
•	Microsoft Windows Server 2003 64-Bit Edition
•	Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Tested Microsoft Windows Components:

Affected Components:

•	Microsoft Internet Information Server (IIS) 4.0

Non-Affected Components:

•	Microsoft Internet Information Services 5.0 (included with Windows 2000 Server)
•	Microsoft Internet Information Services 5.1 (included with Windows XP)
•	Microsoft Internet Information Services 6.0 (included with Windows Server 2003)