A Cross-Site Scripting (XSS) vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a requested URL has been redirected. An attacker who was able to lure a user into clicking a link on his or her web site could relay a request containing script to a third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then render using the security settings of the third-party site rather than the attacker's. A buffer overrun that results because IIS 5.0 does not correctly validate requests for certain types of web pages known as server side includes. A denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing headers to be returned to a web client. A denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. As a result an attacker could cause IIS to fail.

Microsoft has released a patch to correct these issues There is a dependency associated with this patch - it requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch. IIS 4.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en IIS 5.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en IIS 5.1: 32-bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=77CFE3EF-C5C5-401C-BC12-9F08154A5007&displaylang=en 64-bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=86F4407E-B9BF-4490-9421-008407578D11&displaylang=en The IIS 4.0 patch can be installed on systems running Windows NT 4.0 Service Pack 6a. http://support.microsoft.com/kb/241211 The IIS 5.0 patch can be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3. http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/default.mspx http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/default.mspx The IIS 5.1 patch can be installed on systems running Windows XP Professional Gold and Service Pack 1. http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx