Tutorial - Vulnerable Index Services

Vulnerable Index Services

Impact

Due to an unchecked buffer in IIS 5.0 Index Services, a maliciously crafted HTTP .idq request containing approximately 240 bytes in the query field will allow the execution of arbitrary code. The affected service is commonly found on Windows 2000.

Background

Microsoft Index Services uses the idq.dll library to formulate and submit queries to the Microsoft Index Server. An unchecked buffer in idq.dll allows the execution of arbitrary code. Typically, a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server, it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
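
Because the automatic restart hides the crash, the web server logs are one place to look for such requests. The following is an added example, not part of the original advisory: it scans IIS W3C extended logs for .idq requests whose query string approaches the 240-byte size described above. The 200-byte threshold, the field layout, and the sample log lines are constructed assumptions.

```python
# Added example: flag over-long .idq query strings in W3C extended logs.
# Threshold, field layout and sample log lines are constructed assumptions.

QUERY_LEN_THRESHOLD = 200  # assumption: a margin below the ~240 bytes cited above

SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-06-20 10:01:02 192.0.2.10 GET /default.htm - 200",
    "2001-06-20 10:01:09 192.0.2.10 GET /search/query.idq "
    "CiRestriction=iis&CiMaxRecordsPerPage=10 200",
    "2001-06-20 10:02:41 198.51.100.7 GET /null.IDQ " + "A" * 240 + " 500",
])


def find_suspicious_idq(log_text, threshold=QUERY_LEN_THRESHOLD):
    """Return (line_no, client_ip, stem, query_length) for flagged requests."""
    fields = []
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            # The field order can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated entry; review these separately
        entry = dict(zip(fields, values))
        stem = entry.get("cs-uri-stem", "")
        query = entry.get("cs-uri-query", "-")
        if query == "-":  # W3C logs write "-" for an empty field
            query = ""
        # Extension match is case-insensitive, as on the Windows file system.
        if stem.lower().endswith(".idq") and len(query) >= threshold:
            hits.append((line_no, entry.get("c-ip", "?"), stem, len(query)))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_idq(SAMPLE_LOG):
        print("line %d: %s requested %s with a %d-byte query" % hit)
```
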

Resolution

Microsoft has released a patch that rectifies the Index Services buffer overflow, available at Bulletin MS01-033.

Reference: eEye AD20010618