This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:OVERFLOW:MS-HTTP-SERVICES
|
Severity |
Major
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
Microsoft HTTP Services Chunked Encoding Integer Overflow
|
Release Date |
2012/11/28
|
Update Number |
2206
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft HTTP Services Chunked Encoding Integer Overflow
This signature detects attempts to exploit a known flaw in Microsoft HTTP Services. An integer overflow vulnerability has been reported in Microsoft Windows HTTP Services. The flaw is due to improper validation of parameters returned by a remote Web server. An attacker can persuade the target user or a service running on the target system to connect to a malicious Web Sever to exploit this vulnerability. Successful attack could allow for arbitrary code execution and complete control of the targeted system. In an attack scenario, where arbitrary code is injected and executed on the target system, the attacker could install applications; access, modify, and delete data; or create new accounts with privileges of the user or service that connected to the malicious Web server. Unsuccessful attacks could result in the termination of any Windows service or third party application using HTTP services.
Extended Description
Microsoft Windows HTTP Services (WinHTTP) is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise an affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.
Affected Products
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_x64 SP1
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Business
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Enterprise
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_business_64-bit_edition
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp
- Microsoft windows_xp_embedded SP1
- Microsoft windows_xp_embedded SP2
- Microsoft windows_xp_embedded SP3
- Microsoft windows_xp_embedded
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_tablet_pc_edition
References