Advertisement
Promo

Become a member of the ZDNet UK community

Resources Downloads

Download Now

IIS5 Malformed URL Service Failure Vulnerability Patch MS01-014 (3/1/01)


License Free
Requirements Windows 2000, Microsoft Internet Information Services 5.0 (IIS 5.0) or Microsoft Exchange 2000
Downloads 184 Limitations None
Publisher Microsoft File Size 311k
Date added 04 Apr 2001 Check your speed

IIS 5.0 contains a flaw affecting the way that an URL is handled if it has a specific construction and its length is within a very narrow range of values. If such an URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.

Exchange 2000 is affected by the same vulnerability. To support Web-based mail clients, it introduces the ability to address items on the store via URLs. This is done in part by using IIS 5.0, and in part via code that is specific to Exchange 2000. Both pieces of code contain the flaw, but the effect of exploiting the vulnerability via either would be the same--it could be used to cause the IIS service to fail, but could not be used to attack the Exchange service itself. That is, successfully attacking an Exchange server via this vulnerability would disrupt Web-based mail clients' use of the server, but not that of MAPI-based mail clients like Outlook.

Because the flaw occurs in two different code modules, one of which installs as part of IIS 5.0 and both of which install as part of Exchange 2000, it is important for Exchange 2000 administrators to install both this IIS patch, as well as the Exchange patch.

Download Now

Did you find this download useful?
24 out of 50 users found this download useful


People who downloaded this software also downloaded...

Instant IMtegrity 3.31

Log, save, and archive instant message chats.

More info +


Easy File & Folder Protector 5.0

Protect your files and folders from unwanted visitors.

More info +


NetShareWatcher 1.5.1

Monitor and identify network shared files and permissions.

More info +


InvisiSpy 4.5

Monitor your computer's activity in stealth mode.

More info +


My Invisibles 1.4

Protect sensitive information on your computer from unauthorized access.

More info +


Sentinel 2.2.1

Protect your computer from viruses and Trojans with this program.

More info +


Access Administrator Pro 5.0

Restrict access to your files and folders.

More info +


Wireshark 1.2.3

Perform thorough analysis of your network protocol.

More info +


Ascendant NFM (Network File Monitor) 1.5

Monitor, log, archive, and send alerts for all file usage on your network.

More info +


Office Keeper 1.0

Protect enterprise networks from unauthorized access.

More info +


Broadband Deals? Powered by Top 10 Broadband

150+ broadband packages

Compare 30+ mobile broadband deals

Mobile Broadband »

Download

Trend Micro Worry-Free Business Security Advanced

Trend Micro™ Worry-Free™ Business Security Advanced and Standard 6. #1 for Small Business Security

  • Downloads: 888
  • Requirements: Processor: Intel™ Pentium™ or AMD™. RAM: 256MB-1GB (operating system dependant). Disk space: 350MB. Web Browser: Microsoft™ Internet Explorer 6.0 or 7.0.
  • License:
  • Publisher:
  • Size: 0

Download Now

Google Chrome Special Report

All roads lead to Chrome

All roads lead to Chrome

Comment With its new browser, Google has finally taken its gaudy, chrome-plated, futuristic ray gun and pointed it straight at Microsoft's head

More Special Reports


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters