Multiple Vulnerabilities in Microsoft's BizTalk Server 2002 and 2000

Two new vulnerabilities exist in Microsoft BizTalk Server 2002 and 2000, one of which can result in the execution of arbitrary code on the vulnerable system.

Ken Pfeil

April 30, 2003


Reported April 30, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

· Microsoft BizTalk Server 2002 and 2000

 

DESCRIPTION

 

Two new vulnerabilities exist in Microsoft BizTalk Server 2002 and 2000, one of which can result in the execution of arbitrary code on the vulnerable system. The two new vulnerabilities consist of the following:

 

· The first vulnerability is a buffer overrun on BizTalk Server 2002 in the HTTP receiver, the component that receives HTTP documents. This flaw can permit an attacker to execute code of his or her choice on the BizTalk Server system.

· The second vulnerability is a SQL injection vulnerability in some of the pages that BizTalk 2002 and 2000's Document Tracking and Administration (DTA) uses. This flaw can permit an attacker to send a crafted URL query string to a legitimate DTA user. If that user then navigated to the URL that the attacker sent, the malicious SQL statement embedded in the query string could execute.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-016, "Cumulative Patch for BizTalk Server (815206)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Cesar Cerrudo.
