26th Sep 2002 [SBWID-5292]
	Talentsoft's Web+ remote buffer overflow via cookie
	Talentsoft's Web+ v5.0
	In  David   Litchfield   of   NGSSoftware   [http://www.ngssoftware.com]
	advisory [#NISR17042002B] :
	By requesting a WML file from a web server and supplying an overly  long
	cookie, an internal buffer is overflowed,  overwriting  a  saved  return
	address on the stack. On procedure return control over  the  web  server
	process' execution can be gained. If the server is  running  IIS  4  and
	using the Web+ ISAPI filter, then inetinfo.exe is the process  captured.
	As this runs as SYSTEM, any  code  supplied  by  an  attacker  will  run
	uninhibited. If IIS 5.0 then the process is dllhost.exe  which  runs  in
	the context of the IWAM_* account. As this has  limited  privileges  the
	risk is reduced. If the Web+ environment is set  up  using  the  webplus
	CGI executable, webplus.exe, on either server, then, again, the risk  is
	Talentsoft have created a patch for this problem, see