Atstake Security Advisory A120400-1 - IIS 4.0/5.0 Phone Book server buffer overrun vulnerability. The Phone Book Service was created by Microsoft to help provide dial in services to the corporation and ISPs. As part of the functionality of the service when users dial in their client software can be configured to download phone book updates from a web server. The ISAPI application that serves the update is pbserver.dll. This DLL contains a buffer overrun vulnerability that can allow the execution of arbitrary code or at best crash the Internet Information Server process, inetinfo.exe.
7822463a0e0c98a33b81e6be0d33e5d289f446c0bcfff7a90e516e33823ba258