CVE-2002-0072 Information

Description

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0 5.0 and 5.1 does not properly handle the error condition when a long URL is provided which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Reference

http://marc.info/?l=bugtraq&m=101853851025208&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8800.php http://www.kb.cert.org/vuls/id/521059 http://www.osvdb.org/3326 http://www.securityfocus.com/bid/4479 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018