IIS6 Security Issues

[Matthew Wagenknecht <Matthew.Wagenknecht () Quantum com>]

I've been watching the lists for while looking for postingsof IIS6 flaws. I
have only seen one to date. It was regarding IIS6 sessions and how poorly
implemented they were. It also disclosed a possible attack vector on local
accounts using the Admin pages. I haven't verified these yet. 

Has anyone heard of any other issues, problems, wierdities, etc with IIS6?
Give as many details as possible.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Wagenknecht                          CISSP  |  MCSE
Security Administrator
 ::::        echo oraios i syzygos kai polloi paidia          ::::
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Never be afraid to try something new. 
Remember, amateurs built the ark; professionals built the Titanic. 

This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this email message.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html