Microsoft IIS 0Day Vulnerability
Page 1 of 1
Microsoft IIS 0Day Vulnerability
Microsoft IIS 0Day Vulnerability in Parsing Files (semiācolon bug)
A vulnerability has been identified in Microsoft Internet Information Services (IIS) where the server in incorrectly handling files with multiple extensions separated by the ";" character such as "malicious.asp;.jpg" as an ASP file. This could allow attackers to upload malicious executables on a vulnerable web server, bypassing file extension protections and restrictions. This vulnerability does not work with ASP.Net.
Pending an IIS security patch, some workaround are available here.
Source:http://isc.sans.org
See also: Microsoft IIS vuln leaves users open to remote attack
A vulnerability has been identified in Microsoft Internet Information Services (IIS) where the server in incorrectly handling files with multiple extensions separated by the ";" character such as "malicious.asp;.jpg" as an ASP file. This could allow attackers to upload malicious executables on a vulnerable web server, bypassing file extension protections and restrictions. This vulnerability does not work with ASP.Net.
Pending an IIS security patch, some workaround are available here.
Source:http://isc.sans.org
See also: Microsoft IIS vuln leaves users open to remote attack
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Zero day vulnerability in Microsoft Office Web Components discovered
» FreeBSD 7.2 local root vulnerability (0day) demo
» Possible new MySQL 0day
» OpenSSH 0day ?
» 0-day in Microsoft DirectShow
» FreeBSD 7.2 local root vulnerability (0day) demo
» Possible new MySQL 0day
» OpenSSH 0day ?
» 0-day in Microsoft DirectShow
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum