Microsoft Internet Information Server 4.0 and Internet Information Services 5.0 (IIS) include the FrontPage Server Extensions to facilitate the development of Web sites and Web-based applications. The FrontPage Server Extensions include an optional subcomponent for development servers called Visual Studio RAD (Remote Application Deployment). If you install this optional component on a computer during the installation of Microsoft Windows 2000, you receive the following message:
You have chosen to install Visual InterDev RAD Remote Deployment Support. You should do this only on development servers, because RAD lets authors register server components and modify the COM+ settings, affecting the state of the running server. If you install RAD Remote Deployment Support, you should regularly review the permissions settings of your FrontPage webs to ensure that no unwanted authors have obtained authoring privileges.
This subcomponent allows Visual InterDev users to register and unregister programming components on the IIS server. This subcomponent contains an unchecked buffer in a section that processes input information.
Although it is unlikely, an attacker could potentially exploit this vulnerability against any server on which the affected subcomponent is installed, by connecting to a Web session on the server and passing a specially malformed packet to the system.
For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack