Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Third Party Software Affected by IIS "Escape Character Parsing" V ulnerability

From: secure () MICROSOFT COM (Microsoft Product Security Response Team)
Date: Tue, 28 Dec 1999 10:27:05 -0800

Hi All -

A recent posting to BugTraq asked why we didn't identify specific
third-party software products that are affected by the "Escape Character
Parsing" vulnerability
(http://www.microsoft.com/Security/Bulletins/ms99-061.asp).  Although we do
try to provide as much information regarding security vulnerabilities as
possible, we simply can't provide information like this without the consent
of the third-party vendors.  Even if we could provide a list of third-party
products that are known to be affected by the vulnerability, it would become
obsolete almost immediately as new versions of the products are released.

The safest course of action is to apply the patch if you are running any
third-party software atop IIS.  This will ensure that your system is
protected, regardless of the third-party software you're using now or in the
future.  Regards,

Secure () microsoft com
Previous By Date Next
Previous By Thread Next

Current thread: