On Wed, 8 Aug 2001, Inman, Carey wrote:

> Hi,
>
> I would like to offer a quote from MS01-033:
>
> "the service would not need to be running in order for an attacker to
> exploit the vulnerability."
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
>
> Carey

That quote was taken out of context...

The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability.

James was talking about IIS, not the Indexing Service. If IIS is not running, you are not vulnerable.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
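
The distinction drawn in the message above, as an added example that is not part of the original thread: exposure depends on IIS running and an .ida/.idq script mapping being present, not on the state of the Indexing Service. The entries assume the IIS metabase ScriptMaps layout "extension,executable,flags,verbs"; the function names and sample values are constructed for illustration.

```python
# Added example, not from the original thread. Entries are assumed to follow
# the IIS metabase ScriptMaps layout "extension,executable,flags[,verbs...]".
from dataclasses import dataclass

RISKY_EXTENSIONS = {".ida", ".idq"}  # the mappings named in the bulletin text


@dataclass
class Mapping:
    extension: str
    executable: str


def parse_script_maps(entries):
    """Parse ScriptMaps strings into Mapping objects, skipping malformed ones."""
    maps = []
    for raw in entries:
        parts = [p.strip() for p in raw.split(",")]
        if len(parts) < 2 or not parts[0].startswith("."):
            continue
        maps.append(Mapping(parts[0].lower(), parts[1]))
    return maps


def assess(iis_running, indexing_running, entries):
    """Return (exposed, reasons) following the logic stated in the thread."""
    risky = [m for m in parse_script_maps(entries)
             if m.extension in RISKY_EXTENSIONS]
    if not iis_running:
        return False, ["IIS is not running: no web session can be established"]
    if not risky:
        return False, ["no .ida/.idq script mapping present"]
    reasons = [f"{m.extension} mapped to {m.executable}" for m in risky]
    if not indexing_running:
        # Per the bulletin, the overrun occurs before indexing is requested.
        reasons.append("Indexing Service stopped, which does not remove exposure")
    return True, reasons


SAMPLE = [  # constructed sample entries
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".IDA,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
]

if __name__ == "__main__":
    for iis, idx in [(True, False), (False, True)]:
        print(f"IIS={iis} Indexing={idx} ->", assess(iis, idx, SAMPLE))
```
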
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:42:03 PDT