VULHUB ™

Microsoft Content Management Server (MCMS) 2001 is a .NET Enterprise Server product for development and management of e-business websites. A vulnerability in MCMS allows an authenticated user to upload new content into arbitrary locations on the server. If executable content such as ASP pages is uploaded into a public location and then requested through the server, it may be interpreted and executed. The attacker-supplied content will only exist in the arbitrary location for a short period of time. By default, code will executed as the non-privileged account IWAM_machinename. An additional flaw in versions of MCMS may allow an arbitrary remote user to upload content without authentication. In conjunction, this may allow any attacker able to connect to the vulnerable service to exploit this vulnerability.

Microsoft Content Management Server (MCMS) 2001 is a .NET Enterprise Server product for development and management of e-business websites. A vulnerability in MCMS allows an authenticated user to upload new content into arbitrary locations on the server. If executable content such as ASP pages is uploaded into a public location and then requested through the server, it may be interpreted and executed. The attacker-supplied content will only exist in the arbitrary location for a short period of time. By default, code will executed as the non-privileged account IWAM_machinename. An additional flaw in versions of MCMS may allow an arbitrary remote user to upload content without authentication. In conjunction, this may allow any attacker able to connect to the vulnerable service to exploit this vulnerability.