Microsoft IIS HTTP Request Header Buffer Overflow

Strike ID: D10-53u01
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive: t
Variants: 1
Year: 2010

Description

This strike identifies a vulnerability in Microsoft Internet Information Services (IIS). If FastCGI is enabled, a buffer of 944 bytes is allocated to store the pointer and size values of HTTP header fields. The code calculates enough space for 59 headers and resizes the buffer accordingly. It does not properly take pre-defined headers into consideration, so those parameters are added to the same buffer. Therefore, supplying more than 16 HTTP headers can overflow the heap buffer.

CVE

Bid