Bugtraq mailing list archives
Re: MS IIS 5.0 Access Violation on handling URL String
From: mikehow () MICROSOFT COM (Michael Howard)
Date: Mon, 17 Jan 2000 17:31:15 -0800
this is by design - the call inside iis is wrapped in an exception handler and reporting the error. kinda like this: try { char *pF = NULL; *pF = "Hello, there!"; } catch { // oops! there was an error } Cheers, Michael Howard Windows 2000 Security Got an 'Access Denied' problem? Check the appropriate logs first! -----Original Message----- From: Lark Lizerman [mailto:webmaster () DOC2000 DE] Sent: Thursday, January 13, 2000 7:06 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: MS IIS 5.0 Access Violation on handling URL String Description: MS IIS 5.0 has problems handling a specific form of URL ending with "ida". The extension ida has been taken from the Bugtraq posting "IIS revealing webdirectories" The problem causes 2 kind of results. The one result is that the server responds with a message like "URL String too long"; "Cannot find the specified path" The other error causes the server to terminate with an Access Violation. When the server "Access violates" it displays as last message: File d:\http\................................................................ ........................................................................ ........................................................................ ............................................???????. Error 0xc0000005 caught while processing query <snip> <HR NOSHADE> <UL> <LI>application/x-pkcs7-signature attachment: smime.p7s </UL>
Current thread:
- MS IIS 5.0 Access Violation on handling URL String Lark Lizerman (Jan 13)
- Re: MS IIS 5.0 Access Violation on handling URL String Anthony Benjamin (Jan 14)
- Re: MS IIS 5.0 Access Violation on handling URL String Imran Ghory (Jan 18)
- Re: MS IIS 5.0 Access Violation on handling URL String David Litchfield (Jan 15)
- Re: MS IIS 5.0 Access Violation on handling URL String Lark Lizerman (Jan 15)
- Yahoo Pager/Messanger Buffer Overflow Jaynus Jaynus (Jan 16)
- <Possible follow-ups>
- Re: MS IIS 5.0 Access Violation on handling URL String Michael Howard (Jan 17)
- Re: MS IIS 5.0 Access Violation on handling URL String Michael Howard (Jan 18)
- Re: MS IIS 5.0 Access Violation on handling URL String Anthony Benjamin (Jan 14)