MS08-006 ? Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) - Version:1.1 |
|
| BugsAlert Home > MS08-006 ? Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) - Version:1.1 | |
|
Severity Rating: Important - Revision Note: V1.1 (February 20, 2008) Bulletin updated: update filenames changed in the file information table for all supported 32-bit editions of Windows XP.Summary: This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings. Original Source: http://www.microsoft.com/technet/security/bulletin/MS08-006.mspx?pubDate=2008-02-20 Learn more about MS08-006 ? Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) - Version:1.1 |
|
|
Tags: ms08-006 important vulnerability internet information services remote code execution 942830 version 1.1 |
|
Related Items |
|
|
MS07-042 - Critical: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) - Version:4.0
|
|
|
4 Ways to Keep LAMP Secure
|
|
|
Mozilla Firefox 2 Multiple Vulnerabilities
|
|
|
VUPEN - Trillian XML Data Handling Multiple Code Execution Vulnerabilities
|
|
|
CVE-2008-2952 (OpenLDAP)
|
|
|
CVE-2008-4694 (opera, opera9.50)
|
|
|
CVE-2008-1540 (Datsogallery)
|
|
