Microsoft MS03-018 security check

A Cross-Site Scripting(XSS)vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a requested URL has been redirected. An attacker who was able to lure a user into clicking a link on his or her web site could relay a request containing script to a third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then render using the security settings of the third-party site rather than the attacker's. A buffer overrun that results because IIS 5.0 does not correctly validate requests for certain types of web pages known as server side includes. A denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing headers to be returned to a web client. A denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. As a result an attacker could cause IIS to fail.

Microsoft has released a patch to correct these issues There is a dependency associated with this patch - it requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.