[Snort-sigs] Signature Definition #1023, 15 of 20
Esler, Joel Contractor
EslerJ at ...785...
Mon Jun 9 09:21:10 EDT 2003
Rule: -- WEB-IIS msadcs.dll access
Sid: -- 1023
Summary: -- This string detects "/msadcs.dll" in traffic in flow to
Impact: -- Unpatched vulnerabilities in older versions of Microsoft IIS can
lead to admin access to the webserver
Detailed Information: -- Any older vulnerabilities found in Microsoft IIS
can be exploited via a buffer overflow using this file. This Signature
detects the request for this file in attack strings.
Affected Systems: -- Any that have the software installed
Attack Scenarios: -- Slim to Dangerous
Ease of Attack: -- Moderate
False Positives: -- Unknown
False Negatives: -- Unknown
Corrective Action: -- Patch vulnerable servers and block unauthroized
access to webpages at the router. Proxy all webpages.
Contributors: -- Joel Esler
Additional References: bugtraq,529; cve,CVE-1999-1011
More information about the Snort-sigs