Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FP2000: MS01-035: Potential Buffer Overrun Vulnerability in Visual Studio RAD (Remote Application Deployment)


View products that this article applies to.

This article was previously published under Q300477

↑ Back to the top


Summary

Microsoft Internet Information Server 4.0 and Internet Information Services 5.0 (IIS) include the FrontPage Server Extensions to facilitate the development of Web sites and Web-based applications. The FrontPage Server Extensions include an optional subcomponent for development servers called Visual Studio RAD (Remote Application Deployment). If you install this optional component on a computer during the installation of Microsoft Windows 2000, you receive the following message:
You have chosen to install Visual InterDev RAD Remote Deployment Support. You should do this only on development servers, because RAD lets authors register server components and modify the COM+ settings, affecting the state of the running server. If you install RAD Remote Deployment Support, you should regularly review the permissions settings of your FrontPage webs to ensure that no unwanted authors have obtained authoring privileges.
This subcomponent allows Visual InterDev users to register and unregister programming components on the IIS server. This subcomponent contains an unchecked buffer in a section that processes input information.

Although it is unlikely, an attacker could potentially exploit this vulnerability against any server on which the affected subcomponent is installed, by connecting to a Web session on the server and passing a specially malformed packet to the system. For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
260910� How to Obtain the Latest Windows 2000 Service Pack

↑ Back to the top


More information

A more detailed explanation and a supported fix are available in the following Microsoft Security Bulletin, MS01-035: This patch is available in the Windows 2000 Security Rollup Package 1 (SRP1) or individually via the links below. For additional information on SRP1, click the article number below to view the article in the Microsoft Knowledge Base:
311401� Windows 2000 Security Rollup Package 1 (SRP1), January 2002
For additional information about security topics, browse to the following Microsoft TechNet Security Web site:

↑ Back to the top


Keywords: KB300477, kbwin2000sp3fix, kbwin2000presp3fix, kbsecurity, kbinfo, kbqfe, kbhotfixserver

↑ Back to the top

Article Info
Article ID : 300477
Revision : 9
Created on : 9/23/2005
Published on : 9/23/2005
Exists online : False
Views : 400