> NGSSoftware Insight Security Research Advisory > > Name: Remote System Buffer Overrun WebAdmin.exe > Systems Affected: Windows > Severity: High Risk > Category: Buffer Overrun > Vendor URL: http://www.altn.com/ > Author: Mark Litchfield (mark@ngssoftware.com) > Date: 24th June 2003 > Advisory number: #NISR2406-03 I've been making a few tests using WebAdmin 2.0.3 running under IIS (WebAdmin.dll) On my tests, I haven't been able to exploit this issue beyond the scope of a Denial of Service. The Active Server Pages service just reboots itself and two entries are added to the event log: Application Log: Event Type: Information Event Source: Active Server Pages Event Category: None Event ID: 3 Date: 24/06/2003 Time: 22:19:16 User: N/A Computer: XXX Description: Service started. System Log: Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 37 Date: 24/06/2003 Time: 22:17:33 User: N/A Computer: XXX Description: Out of process application '/LM/W3SVC/3/Root/WebAdmin' terminated unexpectedly. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. David A. Pérez
