COMMAND

    AspUpload

SYSTEMS AFFECTED

    AspUpload 1.4

PROBLEM

    Arne Vidstrom found the following: what seems to be a buffer
    overflow in AspUpload 1.4 from Persits Software.  This was only
    tested on NT 4.0 Server with IIS 3.0.  It is not unlikely that it
    also works on previous versions of AspUpload, but this is not
    verified.  When you enter about 3800 characters or more in the
    filename box in the browser and click the send button, AspUpload
    kills the inetinfo process on the server (that is, kills IIS).
    The problem seems to be in AspUpload.dll, and the versions tested
    had Product Version "1.4.0.0" and "1.4.0.1".

SOLUTION

    There could exist later versions with this problem too, however.
    The buffer overflow bug reported in the Persits Software, Inc.
    AspUpload component has been fixed.  The new version is 1.4.0.2.
    The patch is available to registered users upon request.
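
    The advisory does not say where in AspUpload.dll the overflow occurs.
    As an added illustration (not Persits code and not part of the original
    report), this C function shows the length check that keeps an oversized
    multipart filename out of a fixed buffer; the function name, status
    codes and the 255-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FILENAME 255   /* assumed policy limit, not a value from the advisory */
enum fn_status { FN_OK = 0, FN_MISSING = -1, FN_TOO_LONG = -2, FN_MALFORMED = -3 };

/* Copy the quoted filename="..." parameter of one Content-Disposition header
 * line into out (capacity out_cap, including the terminating NUL).  The length
 * is checked before any byte is copied, so an oversized name is rejected
 * instead of being truncated or written past the end of the buffer. */
int extract_filename(const char *header, char *out, size_t out_cap)
{
    static const char key[] = "filename=\"";
    const char *start, *end;
    size_t len;

    if (header == NULL || out == NULL || out_cap == 0)
        return FN_MALFORMED;
    out[0] = '\0';

    start = strstr(header, key);
    if (start == NULL)
        return FN_MISSING;            /* part carries no file name */
    start += sizeof key - 1;

    end = strchr(start, '"');
    if (end == NULL)
        return FN_MALFORMED;          /* unterminated quoted string */

    len = (size_t)(end - start);
    if (len > MAX_FILENAME || len >= out_cap)
        return FN_TOO_LONG;           /* reject, never truncate silently */

    memcpy(out, start, len);
    out[len] = '\0';
    return FN_OK;
}

int main(void)
{
    /* Constructed sample: a 3800-character name, the size named in the advisory. */
    static char hdr[4096] = "Content-Disposition: form-data; name=\"f\"; filename=\"";
    char name[MAX_FILENAME + 1];
    size_t n = strlen(hdr);

    memset(hdr + n, 'A', 3800);
    hdr[n + 3800] = '"';
    printf("status = %d\n", extract_filename(hdr, name, sizeof name));
    return 0;
}
```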