Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Macromedia JRun IIS ISAPI Filter GET Request Buffer Overrun Vulnerability

Macromedia JRun IIS ISAPI Filter GET Request Buffer Overrun Vulnerability

by Nikola Strahija on November 26th, 2002 The Macromedia JRun IIS ISAPI handler is prone to a remotely exploitable buffer overrun condition. The issue is due to a lack of bounds checking on requested filenames. It is possible to trigger the overrun if a filename of excessive length is requested.


Macromedia has released an updater for customers using affected ColdFusion MX releases. Additionally, Macromedia has released patches to address this issue.


Macromedia JRun 3.0:

Macromedia Upgrade JRun 3.0 Windows Upgrade 53843
http://www.macromedia.com/v1/handlers/index.cfm?ID=23500
Fixes are available for internationalized versions of JRun.

Macromedia JRun 3.1:

Macromedia Upgrade JRun 3.1 Windows Upgrade 54009
http://www.macromedia.com/v1/handlers/index.cfm?ID=23500
Fixes are available for internationalized versions of JRun.

Macromedia JRun 4.0:

Macromedia Upgrade JRun 4.0 Windows Upgrade SP1
http://www.macromedia.com/v1/handlers/index.cfm?ID=23500
Fixes are available for internationalized versions of JRun.

Macromedia ColdFusion Server MX 6.0:

Macromedia Upgrade ColdFusion MX Updater Release 1
http://dynamic.macromedia.com/bin/MM/software/trial/hwswrec.jsp?product=cfmx_updater



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »