Check Point Advisories

Preemptive Protection against Microsoft IIS Request Header Buffer Overflow Vulnerability (MS10-065)

Check Point Reference: CPAI-2010-261
Date Published: 14 Sep 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Microsoft Security Bulletin MS10-065
Industry Reference: CVE-2010-2730
Protection Provided by:
Who is Vulnerable?
Internet Information Services 7.5 on:
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 (Itanium)

Vulnerability Description
A buffer overflow vulnerability has been reported in Microsoft Internet Information Services (IIS) with FastCGI enabled. IIS is a collection of Internet services packaged with several versions of the Windows operating system. FastCGI for IIS enables popular application frameworks that support the FastCGI protocol to be hosted on the IIS web server. A remote attacker could use this issue to execute arbitrary code on an affected system.

Update/Patch Available
Apply patches: Microsoft Security Bulletin MS10-065

Vulnerability Details
The vulnerability is due to an error in the way Internet Information Services with FastCGI enabled handles request headers. An attacker may exploit this issue by crafting an HTTP request and sending it to the vulnerable service. Successful exploitation of this vulnerability would allow the attacker to take complete control of the affected system.
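
Because the issue only applies to IIS with FastCGI enabled, a first triage step is to find which servers actually have FastCGI configured. The following is an added example, not part of the original advisory or any Check Point or Microsoft tooling: it reads an IIS applicationHost.config and lists FastCGI application pools and handler mappings. The sample configuration is constructed, and the function and scope names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment (sample data, not from the advisory).
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <fastCgi>
      <application fullPath="C:\PHP\php-cgi.exe" />
    </fastCgi>
    <handlers>
      <add name="StaticFile" path="*" verb="*" modules="StaticFileModule" />
      <add name="PHP_via_FastCGI" path="*.php" verb="*"
           modules="FastCgiModule" scriptProcessor="C:\PHP\php-cgi.exe" />
    </handlers>
  </system.webServer>
  <location path="Default Web Site/legacy">
    <system.webServer>
      <handlers>
        <add name="Perl_CGI" path="*.pl" verb="*" modules="CgiModule" />
      </handlers>
    </system.webServer>
  </location>
</configuration>"""


def children(elem, tag):
    """Direct children of elem with the given tag name."""
    return [c for c in elem if c.tag == tag]


def fastcgi_exposure(config_xml):
    """Report FastCGI application pools and handler mappings in an IIS config."""
    root = ET.fromstring(config_xml)
    # Server-wide settings live at the root; per-site overrides sit in <location>.
    scopes = [("(server)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in children(root, "location")]
    pools, mappings = [], []
    for scope, node in scopes:
        for sws in children(node, "system.webServer"):
            for fc in children(sws, "fastCgi"):
                pools += [a.get("fullPath") for a in children(fc, "application")]
            for handlers in children(sws, "handlers"):
                for add in children(handlers, "add"):
                    mods = [m.strip().lower() for m in add.get("modules", "").split(",")]
                    if "fastcgimodule" in mods:  # plain CGI handlers are not counted
                        mappings.append((scope, add.get("name"), add.get("path")))
    return {"pools": pools, "mappings": mappings,
            "fastcgi_in_use": bool(pools or mappings)}


if __name__ == "__main__":
    print(fastcgi_exposure(SAMPLE_CONFIG))
```

Servers reported with fastcgi_in_use set on an affected Windows version are the ones to prioritize for the MS10-065 update.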

Protection Overview
