Mss_log.dll ISAPI Filter Causes an Access Violation in IIS (195172)

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

The Site Server Mss_log.dll ISAPI filter may cause Internet Information Server (IIS) to access violate with a c0000005 exception in the Inetinfo.exe process.

To further verify whether this is a problem, follow these steps:

Open the Drwtsn32.log file in Notepad. It contains a log of all program exceptions that occur on a computer unless configured otherwise.
Search for all instances of the word "fault" in the Drwtsn32.log file. Compare the stack back trace following the last instance of the word "fault" to see whether the stack back trace matches the one below: *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 03effc9c 32313538 3239322e 30363730 2e796d33 mss_log!on_preprocheaders+0x227(FPO: [Non-Fpo]

CAUSE

This problem can occur if an improperly formatted browser cookie is sent from the client. When the Site Server Mss_log.dll ISAPI filter receives the improperly formatted browser cookie from the client, it improperly parses the cookie when adding the Site Server ID field to the cookie.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Site Server version 3.0. This problem has been corrected in the latest U.S. service pack for Microsoft Site Server version 3.0. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):