Products  |  Software  |  Services  |  Solutions  |  Support  |  Supplies  
HomeSupportSecurityMS05-020
My OcéContact Océ
MS 08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
/NR/rdonlyres/egi2cafjfelwt45jqajar7lfddnbqp4yc33ujjpc3pbvtxteynez6ifxyvaup56h5mb7zc24grr2dn/_TemplateResource1.gif

This important update resolves a privately reported vulnerability in Internet
Information Services (IIS). A remote code execution vulnerability exists in the
way that IIS handles input to ASP Web pages. An attacker who successfully
exploited this vulnerability could then perform actions on the IIS server with
the same rights as the Worker Process Identity (WPI). The WPI is configured
with Network Service account privileges by default. IIS servers with ASP pages
whose application pools are configured with a WPI that uses an account with
administrative privileges could be more seriously impacted than IIS servers
whose application pool is configured with the default WPI settings.

Océ systems Vulnerability / Status Recommended action
Océ TDS300 1.x
Océ TDS320 1.x
Océ TDS400 2.x
Océ TDS450 1.x
Océ TDS600 4.x
Océ TDS700 1.x
Océ TDS800 2.x
Océ TDS860 1.x
Océ TCS300 1.x
Océ TCS400 2.x
Océ TCS500 1.x
 Not vulnerable None
Océ DPS400
Océ VP2105		 Not vulnerable None
Océ VP2090
Océ VP21x0
Océ VP3xx0
 Not vulnerable None
Océ VP6xx0
 This product may be affected by this vulnerability Download patch
Océ 900C
Océ 950C		 Under investigation Subscribe to email alerts
Océ 910C
Océ 960C
Océ 970C
Océ 1000C
Océ 1070C
 Under investigation Subscribe to email alerts
Océ IP-901
Océ IC-302
Océ IC-303
Océ IC-408
 Under investigation Subscribe to email alerts
Océ Corporate Site
  Home | Products | Software | Services | Solutions | Support | Supplies  
Privacy policy | Terms of use | Other Océ websites »
© 2008 Océ
All rights reserved