Vulnerability in IIS server

2 Jul 1998

Following on from the last .asp vulnerability, which applied to URLs ending in spaces, and the previous one, which allowed .asp files to be read if the URL ended in ".", it turns out that there is yet another, this time due to NTFS alternate data streams.

The unnamed data stream is normally accessed using the filename itself, with further named streams accessed as filename:stream. However, the unnamed data stream can also be accessed using filename::$DATA.

If you open http://company.com/script.asp::$DATA it turns out that you will be presented with the source of the ASP instead of the output.

Fix for this problem

Fixes are available at http://www.microsoft.com/security.
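A request-filter or log-review check that flags all three URL forms mentioned above (trailing space, trailing ".", and stream syntax such as ::$DATA), as an added example that is not part of the original advisory or of any Microsoft fix. The function names, reason labels and sample request targets are constructed for illustration.

```python
from urllib.parse import unquote


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (e.g. %253A) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_reasons(request_target):
    """Return sorted reasons to reject a request target; an empty list means clean."""
    # Only the path is a file name on disk; colons in the query string are normal.
    path = decode_fully(request_target.split("?", 1)[0])
    reasons = set()
    for segment in path.split("/"):
        if segment in ("", ".", ".."):
            continue
        if ":" in segment:
            reasons.add("stream-syntax")    # file:stream or file::$DATA
        if segment.endswith("."):
            reasons.add("trailing-dot")     # script.asp.
        if segment.endswith(" "):
            reasons.add("trailing-space")   # script.asp%20
    return sorted(reasons)


def scan(request_targets):
    """Map each flagged request target to its reasons; clean targets are omitted."""
    flagged = {}
    for target in request_targets:
        reasons = suspicious_reasons(target)
        if reasons:
            flagged[target] = reasons
    return flagged


# Constructed sample request targets, as they might appear in a web server log.
SAMPLE_TARGETS = [
    "/default.asp",
    "/script.asp?ref=a:b",
    "/script.asp::$DATA",
    "/script.asp%3A%3A%24DATA",
    "/script.asp%253A%253A%2524DATA",
    "/script.asp.",
    "/script.asp%20",
]
```

Because a plain file name served over HTTP never needs a colon, a trailing dot or a trailing space, rejecting such paths outright is safer than trying to enumerate stream names.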
