Specially-Malformed FTP Requests May Create Denial of Service (188348)
The information in this article applies to:
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q188348 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
Specially-malformed FTP requests may create a Denial of Service in the FTP service, which causes Internet Information Server (IIS) to stop responding and generate an Access Violation error message.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or
the individual software update. For information on obtaining the
latest service pack, please go to:
For information on obtaining the individual software update, contact Microsoft
Product Support Services. For a complete list of Microsoft Product Support
Services phone numbers and information on support costs, please go to the
following address on the World Wide Web:
IIS 4.0
The IIS 4.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as
Ftpls4i.exe (x86) and Ftpls4a.exe (Alpha):
IIS 3.0
The IIS 3.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as
Ftpls3i.exe (x86) and Ftpls3a.exe (Alpha):
STATUS
Microsoft has confirmed this to be a problem in Internet Information Server
versions 3.0 and 4.0.
This problem was first corrected in Windows NT 4.0 Service Pack 5.
| Modification Type: | Minor | Last Reviewed: | 9/22/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix kbQFE KB188348 |
|---|
|