Version: 2008
  • On GameSpot: Handheld Xbox coming...eventually.
advertisement
Click Here

Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 4.0) MS00-100

  • Quick specs
  • Price: Free
  • Operating system: Windows NT
  • Date added: January 09, 2001
  • Total Downloads: 4,393
  • Downloads last week: 2
  • See full specifications
Add to my list Add to my Watch List
Download Now (480.81K)
Tested spyware free

Publisher's description

From Microsoft :

This patch eliminates a security vulnerability in a component that ships as part of Microsoft Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected web server from providing useful service.

The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow Web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process Web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.

To resume normal operation on an IIS 4.0 server, the operator would need to restart the service. In contrast, if an IIS 5.0 server were attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted. FPSE is installed by default as part of IIS 4.0 and 5.0, but, in keeping with best practices, Microsoft recommends that they be disabled if not needed.

CNET Editor's Note: Note: This IIS 4.0 patch can be applied atop systems running Windows NT 4.0 Service Pack 6a or 5. It will be included in Windows NT 4.0 Service Pack 7.

Business Productivity Online Suite
Improve productivity and Extend IT resources
Download Now

More popular Corporate Security Software downloads

  1. 2,278 downloads 1. Folder Guard
  2. 1,060 downloads 2. L0phtCrack
  3. 735 downloads 3. McAfee Total Protection for Small Business
  4. 661 downloads 4. Spyware Doctor Enterprise Free Edition
  5. 447 downloads 5. Wireshark
  6. See all Corporate Security Software downloads
Blackberry Starter Kit
If your BlackBerry is missing these essential apps, you're missing out.
Download Now

User reviews

Submit your review

Log in or create an account to submit your review for:

Microsoft "Malformed Web Form Submission" Vulnerability Patch (IIS 4.0) MS00-100

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft IIS 4.0,
Microsoft IIS Server,
content management,
server,
vulnerability

advertisement
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET