VULHUB ™

Microsoft Security Bulletin (MS00-086) - Microsoft has released a patch that eliminates a serious security vulnerability in Microsoft IIS 5.0. Due to an implementation flaw, it is possible to create a specially-malformed file request that contains both a file name and one or more operating system commands. Upon receiving such a request, IIS 5.0 passes the entire string to the operating system, which would first process the file and then execute the commands with user priveledge. Microsoft FAQ on this issue available here.

Microsoft Security Bulletin (MS00-086) - Microsoft has released a patch that eliminates a serious security vulnerability in Microsoft IIS 5.0. Due to an implementation flaw, it is possible to create a specially-malformed file request that contains both a file name and one or more operating system commands. Upon receiving such a request, IIS 5.0 passes the entire string to the operating system, which would first process the file and then execute the commands with user priveledge. Microsoft FAQ on this issue available here.