VULHUB ™

An issue exists in Microsoft IIS 4.0 and Symantec Norton Internet Security 2001 which could allow an unauthorized user or process to manipulate the contents of log files. This is due to the default file system permissions in Windows. Unprivileged users could modify the log file using a File Open Dialog with Win32 API call. The following are the default permissions on the log files folder: Administrators: Full Control Everyone: Change (RWXD) IUSR_ ComputerName : Full Control System: Full Control

An issue exists in Microsoft IIS 4.0 and Symantec Norton Internet Security 2001 which could allow an unauthorized user or process to manipulate the contents of log files. This is due to the default file system permissions in Windows. Unprivileged users could modify the log file using a File Open Dialog with Win32 API call. The following are the default permissions on the log files folder: Administrators: Full Control Everyone: Change (RWXD) IUSR_ ComputerName : Full Control System: Full Control