90% of NT IIS Webservers Vulnerable to July99 Exploit
Submitted by charlie.collins on Wed, 12/31/1997 - 20:05
Wow, another gaping hole? The group at eEye has released a statement detailing the new NT IIS exploit but basically it boils down to this: "The vulnerability allows arbitrary code to be run on any web server running the latest release of Microsoft Internet Information Server. Utilizing a buffer overflow bug in the web server software, an attacker can remotely execute code to enable system level access to all data residing on the server."
That's pretty heinous if it's true. I haven't tried to pull off the exploit yet, but based on the information it looks very plausible. Check the links for more info (especially if you are an IIS admin).
the advisory
the actual exploit complete with code
UPDATE: It turns out this is an old exploit. I have never encountered it before, but it was discovered in July 99. I have tried this exploit and it halfway works most of the time. On virtually every IIS box I have tried, it stops the server cold, first try. However, only a few actually allow the trojan to load. This is supposed to work on IIS with SP3, 4, and 5. Even so, stopping the server is pretty bad, and the point is that the exploit is there; if you were to re-write the trojan to tailor to your needs you could do some serious damage with this. USE AT YOUR OWN RISK.
Note: the binaries are also available; look here: eEye.com






