ZDNet UK

CBS INTERACTIVE UK BUSINESS SITES:
BNET UK
silicon.com
ZDNet.co.uk

You are here: ZDNet.co.uk > Resources > Downloads > Windows > Antivirus, Firewall, & Spyware > Corporate Security Software

Resources Downloads

IIS5 Malformed URL Service Failure Vulnerability Patch MS01-014 (3/1/01)

		License	Free
		Requirements	Windows 2000, Microsoft Internet Information Services 5.0 (IIS 5.0) or Microsoft Exchange 2000
Downloads	158	Limitations	None
Publisher	Microsoft	File Size	311k
Date added	04 Apr 2001		Check your speed

Publisher's Description

Report a broken link

IIS 5.0 contains a flaw affecting the way that an URL is handled if it has a specific construction and its length is within a very narrow range of values. If such an URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.

Exchange 2000 is affected by the same vulnerability. To support Web-based mail clients, it introduces the ability to address items on the store via URLs. This is done in part by using IIS 5.0, and in part via code that is specific to Exchange 2000. Both pieces of code contain the flaw, but the effect of exploiting the vulnerability via either would be the same--it could be used to cause the IIS service to fail, but could not be used to attack the Exchange service itself. That is, successfully attacking an Exchange server via this vulnerability would disrupt Web-based mail clients' use of the server, but not that of MAPI-based mail clients like Outlook.

Because the flaw occurs in two different code modules, one of which installs as part of IIS 5.0 and both of which install as part of Exchange 2000, it is important for Exchange 2000 administrators to install both this IIS patch, as well as the Exchange patch.

Did you find this download useful?
27 out of 50 users found this download useful

People who downloaded this software also downloaded...

Cute Password Manager Pro 2008.1.3.9

Log into Web sites and fill forms with just a few mouse clicks.

More info

Download

Mirramail Encrypted Email 3.0

Send messages using a complete e-mail program.

More info

Download

Easy Login Assist 3.6

Manage your privacy data and log in to Web sites or applications automatically.

More info

Download

Anti-Spam Guard 4

Secure your incoming and outgoing e-mails and delete junk files.

More info

Download

My-iWallet 2

Protect your online log on using biometric authentication instead of passwords.

More info

Download

Email Privacy 3

Bypass your ISP's mail server and send e-mail directly to your recipient's mailbox.

More info

Download

DeVault Pro 2009 S3

Organize, backup, encrypt, and share all your files via secure digital vaults.

More info

Download

LANwriter 1.0

Get an application for network CD/DVD writing, FTP and secure data publishing.

More info

Download

eCipher Free 1.6

Encrypt and send secure e-mail easily.

More info

Download

Drag-Drop Form 7.2.9

Encrypt, store, and get quick access to your login URLs, usernames, passwords, and other private information.

More info

Download

Brocade File Insight 2.0

Brocade File Insight is a free Windows-based reporting utility that provides a quick and easy way to understand your SMB/CIFS network file environments.

Downloads: 4,557
Requirements: Microsoft 32-bit Windows Server 2003, XP Professional, or newer
License: Free Tool / Utility
Publisher: Brocade
Size: 0

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.