VULHUB ™

Cerberus Information Security Advisory CISADV000327 - Windows NT systems running IIS allows attackers to obtain contents of files users should not be able to access via ISM.DLL. For example text based files (eg .txt,.log and .ini) in the /scripts directory are not normally accessible due to the virtual directory have only script and execute access. Using this vulnerability it is possible to gain access to these files' contents.

Cerberus Information Security Advisory CISADV000327 - Windows NT systems running IIS allows attackers to obtain contents of files users should not be able to access via ISM.DLL. For example text based files (eg .txt,.log and .ini) in the /scripts directory are not normally accessible due to the virtual directory have only script and execute access. Using this vulnerability it is possible to gain access to these files' contents.