SF new article announcement: Blind Buffer Overflows In ISAPI Extensions

From: Kelly Martin (kel_at_securityfocus.com)
Date: 01/25/05

  • Next message: Rivera Alonso, David: "IIS6 Security and other web servers"
    Date: Tue, 25 Jan 2005 11:51:43 -0700
    To: security-basics@securityfocus.com
    
    

    The following Infocus article was published on Symantec's SecurityFocus
    today:

    Blind Buffer Overflows In ISAPI Extensions
    By Isaac Dawson January 25, 2005

    This paper will outline the risks ISAPI Extensions pose and how they can
    be exploited by third parties without any binary exposure or knowledge
    using blind stack overflows. This method can enable remote code
    execution in proprietary and third party applications.

    http://www.securityfocus.com/infocus/1819


  • Next message: Rivera Alonso, David: "IIS6 Security and other web servers"