CVE-2002-1973

Name of the Vulnerable Software and Affected Versions CHttpServer versions prior to the fixed version in Visual C++ 5.0 and 6.0 before SP3

Description The issue is related to a buffer overflow in the CHttpServer::OnParseError function within the ISAPI extension, specifically when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0 and 6.0 before SP3. This can be triggered by a long query string that causes a parsing error, potentially allowing remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code.

Recommendations For versions prior to the fixed version in Visual C++ 5.0 and 6.0 before SP3, update to Visual C++ 6.0 SP3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ISAPI extension to minimize the risk of exploitation.