Vulnerability in IIS server

Main Sections

	Home Archive Books Download About Us Contact Us

Download

	Antivirus Software Antivirus Updates Firewall Software Security Tools

Microsoft Warnings

		MS04-028 : Buffer Overrun in JPEG Processing (GDI+) MS04-027 : Vulnerability in WordPerfect Converter MS04-026 : Vulnerability in Exchange Server 5.5 Outlook Web Access MS04-025 : Cumulative Security Update for IE MS04-024 : Vulnerability in Windows Shell MS04-023 : Vulnerability in HTML Help MS04-022 : Vulnerability in Task Scheduler MS04-021 : Security Update for IIS 4 MS04-020 : Vulnerability in POSIX MS04-019 : Vulnerability in Utility Manager

Sun Warnings

		#220 Double Free bug in zlib compression library #219 SEA SNMP #218 Bytecode Verifier #217 Java Web Start #216 HttpURLConnection #215 snmpdx #214 dtspcd #213 login #212 rpc.ttdbserverd #211 xntpd

Vulnerability in IIS server

2 jul 1998

Following on from the last .asp vulnerability which applied to URLs ending in spaces, and the previous that allowed .asps to be read if they end in ".", it turns out that there is yet another due to Alternate data streams.

The unnamed data stream is normally accessed using the filename itself, with further named streams accessed as filename:stream. However, the unnamed data stream can also be accessed using filename::$DATA.

If you open http://company.com/script.asp::$DATA it turns out that you will be presented with the source of the ASP instead of the output.

Fix for this problem

Fixes are avaiable at http://www.microsoft.com/security.