[Microsoft Alert] Microsoft Security Bulletin MS06-034
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Issued: July 11, 2006
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Internet Information Services (IIS)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should apply the update at the earliest opportunity.
Security Update Replacement: None
Vulnerability Details:
There is a remote code execution vulnerability in Internet Information Services (IIS). An attacker could exploit the vulnerability by constructing a specially crafted Active Server Pages (ASP) file, potentially allowing remote code execution if the Internet Information Services (IIS) processes the specially crafted file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional Service Pack 1 and Microsoft Windows XP Professional Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition family
