Icon of program: IIS5 Malformed URL Servic…

IIS5 Malformed URL Service Failure Vulnerability Patch for Windows

Download now

Used IIS5 Malformed URL Service Failure Vulnerability Patch for Windows?

Editors’ Review

Download.com staff
This update addresses a flaw in IIS 5.0 and Exchange 2000 that can cause service failure due to specific URL handling. Apply both patches for full protection.

  • Pros

    • Fixes memory allocation error leading to service failure.
    • Addresses vulnerability in IIS 5.0 URL handling.
    • Resolves flaw affecting Exchange 2000 web mail access.
    • Prevents disruption to web-based mail clients.

  • Cons

    • Requires separate patch for Exchange 2000.
    • Vulnerability tied to specific URL construction and length.
    • Does not address attacks on the Exchange service itself.
Icon of program: IIS5 Malformed URL Servic…

IIS5 Malformed URL Service Failure Vulnerability Patch for Windows

Download now

Used IIS5 Malformed URL Service Failure Vulnerability Patch for Windows?

Explore More

Full Specifications

GENERAL
Release
Latest update
Version
ms01-014-3-1-01
OPERATING SYSTEMS
Platform
Windows
Operating System
  • Windows 10
  • Windows 2000
Additional Requirements
Windows 2000, Microsoft Internet Information Services 5.0 (IIS 5.0) or Microsoft Exchange 2000
POPULARITY
Total Downloads
8,853
Downloads Last Week
0
Report Software

Program available in other languages

Last Updated

Developer’s Description

By Microsoft
Fix a vulnerability cause a memory allocation error that would result in the failure of the IIS service.
IIS 5.0 contains a flaw affecting the way that an URL is handled if it has a specific construction and its length is within a very narrow range of values. If such an URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.

Exchange 2000 is affected by the same vulnerability. To support Web-based mail clients, it introduces the ability to address items on the store via URLs. This is done in part by using IIS 5.0, and in part via code that is specific to Exchange 2000. Both pieces of code contain the flaw, but the effect of exploiting the vulnerability via either would be the same--it could be used to cause the IIS service to fail, but could not be used to attack the Exchange service itself. That is, successfully attacking an Exchange server via this vulnerability would disrupt Web-based mail clients' use of the server, but not that of MAPI-based mail clients like Outlook.

Because the flaw occurs in two different code modules, one of which installs as part of IIS 5.0 and both of which install as part of Exchange 2000, it is important for Exchange 2000 administrators to install both this IIS patch, as well as the Exchange patch.

Download.com
Your review for IIS5 Malformed URL Service Failure Vulnerability Patch