Features
-
License:
Free
-
Editor's Rating:
Not rated
- Average User Rating:
-
Downloads:
7,064
- Operating Systems:
Windows 2000
- Additional Requirements:
Windows 2000, Microsoft Internet Information Services 5.0 (IIS 5.0) or Microsoft Exchange 2000
- Limitations:
No limitations
- Date Added:
April 03, 2001
Publisher's description of IIS5 Malformed URL Service Failure Vulnerability Patch
From Microsoft:IIS 5.0 contains a flaw affecting the way that an URL is handled if it has a specific construction and its length is within a very narrow range of values. If such an URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.
Exchange 2000 is affected by the same vulnerability. To support Web-based mail clients, it introduces the ability to address items on the store via URLs. This is done in part by using IIS 5.0, and in part via code that is specific to Exchange 2000. Both pieces of code contain the flaw, but the effect of exploiting the vulnerability via either would be the same--it could be used to cause the IIS service to fail, but could not be used to attack the Exchange service itself. That is, successfully attacking an Exchange server via this vulnerability would disrupt Web-based mail clients' use of the server, but not that of MAPI-based mail clients like Outlook.
Because the flaw occurs in two different code modules, one of which installs as part of IIS 5.0 and both of which install as part of Exchange 2000, it is important for Exchange 2000 administrators to install both this IIS patch, as well as the Exchange patch.
- See more CNET content tagged:
- Microsoft Exchange 2000 Server,
- Microsoft IIS 5.0,
- Microsoft IIS Server,
- flaw,
- vulnerability
More popular Corporate Security Software downloads
- 532 downloads 1. McAfee Total Protection for Small Business
- 368 downloads 2. Activity Monitor
- 314 downloads 3. Wireshark
- 299 downloads 4. Trend Micro OfficeScan Managed Antivirus
- 292 downloads 5. Ping Tester Pro
- See all Corporate Security Software downloads
User reviews
Write your own review Be the first one to review IIS5 Malformed URL Service Failure Vulnerability Patch MS01-014 (3/1/01) and share your experience with the CNET community!
Submit your review
You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.
All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.
CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.
