Voice of Reason - Microsoft WebDAV Vulnerability
SYDNEY, NSW - March 12, 2003 -- A new buffer overflow vulnerability in
Microsoft Windows 2000 WebDAV, affecting IIS Web servers, was discovered today.
The previously unreported vulnerability is present in the Microsoft Windows
2000 IIS WebDAV component.
WebDAV (Web Distributed Authoring And Versioning) allows documents to be
assigned properties and attributes and enables collaborative creation,
editing and searching from remote locations. It also enables documents to be
written via HTTP.
If an attacker were able to run code with Local System privileges on an
affected system, the attacker would be able to take any action on the
system, including installing programs, viewing, changing or deleting data, or
creating new accounts with full privileges.
Microsoft IIS is estimated to run approximately 25 per cent of the
Internet's Web servers, which means approximately 4 million systems could be
potentially affected.
Symantec Security Response strongly encourages network administrators to
install the latest patch to protect against any malicious threats.
Symantec's advanced network-based intrusion detection system, ManHunt,
detects this exploit as "HTTP Malformed URL".
About Symantec
Symantec, the world leader in Internet security technology, provides a broad
range of content and network security software and appliance solutions to
individuals, enterprises and service providers. The company is a leading
provider of client, gateway and server security solutions for virus
protection, firewall and virtual private network, vulnerability management,
intrusion detection, Internet content and e-mail filtering, remote
management technologies and security services to enterprises and service
providers around the world. Symantec's Norton brand of consumer security
products is a leader in worldwide retail sales and industry awards.
Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38
countries. For more information, please visit www.symantec.com.au
NOTE TO EDITORS: Symantec and the Symantec logo are trademarks or registered
trademarks, in the United States and certain other countries, of Symantec
Corporation. Additional company and product names may be trademarks or
registered trademarks of the individual companies and are respectfully
acknowledged.