Saturday, May 14, 2011


iishack5.c - exploit source code - exploit perl port
iishack5.exe - exploit windows binary

The Windows binary has only been tested to work under Windows NT 4.0; it may or may not
work under any other versions of Windows. The Perl script has been tested on both Windows
NT using ActiveState and Unix/Linux. I offer no guarantees that it will work on your


[Buffer Overflow Exploit found by eEye]

Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability

The Windows 2000 Internet printing ISAPI extension contains msw3prt.dll, which handles
user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted
HTTP .print request containing approximately 420 bytes in the 'Host:' field will allow
the execution of arbitrary code. Typically a web server would stop responding in a
buffer overflow condition; however, once Windows 2000 detects an unresponsive web
server it automatically performs a restart. Therefore, the administrator will be
unaware of this attack.

* If Web-based Printing has been configured in group policy, attempts to disable
or unmap the affected extension via Internet Services Manager will be overridden
by the group policy settings.
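
A defensive check for the condition described above, as an added example that is not part of the original post or the exploit package: it inspects raw HTTP requests (for instance at a reverse proxy or from a packet capture) and flags a Host header longer than any legitimate hostname. The sample requests, the 259-byte limit and the function names are assumptions made for illustration.

```python
import re

# Assumption: a prefix match, so it covers ".print" as written in the text
# above as well as the ".printer" script mapping used by Internet Printing.
PRINT_TARGET = re.compile(rb"\.print\w*$", re.IGNORECASE)
# Assumption: 253 bytes (longest DNS name) plus ":65535" for an optional port.
MAX_HOST_LEN = 259

# Constructed sample requests; the oversized one carries inert filler only.
BENIGN = b"GET /printers/queue1/.printer HTTP/1.1\r\nHost: print.example.com\r\n\r\n"
OVERSIZED = b"GET /printers/queue1/.printer HTTP/1.1\r\nHost: " + b"A" * 420 + b"\r\n\r\n"


def parse_request(raw):
    """Return (path, headers); headers maps a lowercased name to its values."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    path = parts[1].split(b"?", 1)[0]  # drop the query string
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # skip lines that are not "name: value"
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return path, headers


def inspect(raw):
    """Return a list of findings for one raw HTTP request (empty if clean)."""
    try:
        path, headers = parse_request(raw)
    except ValueError as exc:
        return [f"unparseable request: {exc}"]
    findings = []
    hosts = headers.get(b"host", [])
    if len(hosts) > 1:
        findings.append("multiple Host headers")
    longest = max((len(h) for h in hosts), default=0)
    if longest > MAX_HOST_LEN:
        where = "print extension" if PRINT_TARGET.search(path) else "other target"
        findings.append(f"oversized Host header ({longest} bytes) on {where}")
    return findings


if __name__ == "__main__":
    for sample in (BENIGN, OVERSIZED):
        print(inspect(sample))
```

Because the text above notes that the service restarts automatically after a crash, a check like this is better placed in front of the server than in the server's own logs, which may never record the request.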
