This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer overflow vulnerability in the Microsoft Phone Book Service.
The Phone Book Service is an optional component that ships with the NT 4 Option Pack and Windows 2000. It is not installed by default.
A buffer overflow vulnerability was discovered in the URL processing routines that handle Phone Book Service requests on IIS 4 and IIS 5. If exploited, this vulnerability allows an attacker to execute arbitrary code and obtain a remote command shell with the privileges of the IUSR_machinename account (IIS 4) or the IWAM_machinename account (IIS 5).
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
- Microsoft Windows NT Enterprise Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
- Microsoft Windows NT Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
NOTE: The NT 4.0 fix can be applied to systems running NT 4.0 Service Pack 6a. The Windows 2000 fix can be applied to Windows 2000 Gold or Service Pack 1. This fix will be included in Windows 2000 Service Pack 2.
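The following is an added example, not part of the original advisory or the vendor's signature: a log triage check that reads IIS W3C extended logs and flags unusually long query strings sent to the Phone Book Service, the kind of request the URL-processing overflow described above depends on. The `pbserver.dll` name is the service's ISAPI DLL and does not appear on this page; the 256-character threshold and the sample log lines are assumptions constructed for illustration.

```python
"""Flag overlong Phone Book Service requests in IIS W3C extended logs."""

PB_DLL = "pbserver.dll"   # Phone Book Service ISAPI DLL name (not from the page)
MAX_QUERY_LEN = 256       # assumed triage threshold; tune against normal traffic


def find_suspect_requests(lines, max_query_len=MAX_QUERY_LEN):
    """Return (client_ip, uri_stem, query_length) for each overlong request."""
    fields = []
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The #Fields directive names the columns and may recur mid-file.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # no column map yet, or a malformed/truncated record
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        if not stem.lower().endswith("/" + PB_DLL):
            continue  # only the Phone Book Service endpoint is of interest
        qlen = 0 if query == "-" else len(query)
        if qlen > max_query_len:
            hits.append((rec.get("c-ip", "?"), stem, qlen))
    return hits


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2000-12-05 10:01:02 192.0.2.10 GET /default.htm - 200",
    "2000-12-05 10:01:09 192.0.2.10 GET /pbserver/pbserver.dll ver=1&name=sample 200",
    "2000-12-05 10:02:30 198.51.100.7 GET /PBServer/PBServer.dll x=" + "A" * 900 + " 500",
    "2000-12-05 10:02:31 198.51.100.7 GET /search.asp q=" + "B" * 900 + " 200",
]

if __name__ == "__main__":
    for ip, stem, qlen in find_suspect_requests(SAMPLE_LOG):
        print(f"{ip} sent a {qlen}-character query string to {stem}")
```

A hit on a host where the Phone Book Service is installed and the fix named in the note above has not been applied warrants a closer look at that server.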