Potentially damaging vulnerabilities have been found in Microsoft products including its Internet Information Server (IIS), Remote Access Service and SQL Server 2000.
The danger posed by the flaws ranges from an attacker gaining a higher level of system privileges to being able to run arbitrary code on targeted systems.
Two vulnerabilities have been discovered in SQLXML, a protocol used to transfer data to and from SQL Server 2000 databases. SQLXML helps developers bridge the gap between XML and relational data. Users can work with their relational data as though it were an XML file over the Internet.
The first flaw involves an unchecked buffer vulnerability in an ISAPI extension that could allow an attacker to run code on an IIS Web server. However, the attacker would have to know the location of the virtual directory for SQLXML on the IIS Server to exploit the flaw, Microsoft said in an alert.
The second hole could allow an attacker to run script on a target computer with higher privileges. However, attackers must know the addresses of target SQL Servers. "For example, a script might be able to be run in the Intranet Zone instead of the Internet Zone," Microsoft said.
Remote Access Service
A flaw in the Remote Access Service (RAS) phonebook could create a buffer overrun allowing an attacker to crash the system and possibly run code. Only attackers who have proper log-on credentials can exploit the vulnerability, Microsoft said.
RAS allows dial-up connections between computers and networks. RAS is delivered in Windows NT 4.0, Windows 2000 and Windows XP. It is also found in Routing and Remote Access Server (RRAS) for Windows NT 4.0.
Attackers can exploit the flaw by logging on to a server and modifying a phonebook entry using malformed data. They can then make a connection using the phonebook entry, thus running the input data.
Heap Overrun in HTR
A heap buffer overrun flaw exists in the Chunked Encoding data transfer mechanism in IIS versions 4.0 and 5.0. An attacker could use the flaw to make the system crash or run arbitrary code on the system, Microsoft said.
Microsoft has for some time recommended that users disable HTR functionality unless it is needed for a critical business use. Most people no longer use the obsolete scripting technology and now use Active Server Pages instead.