Bugtraq mailing list archives
Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability
From: Dinos Pastos <dinopio () LINUX COM CY>
Date: Sun, 18 Mar 2001 12:16:02 +0200
Hi all... Just wanted to point out that while testing my Default installation of Windows 98 running Microsoft Personal Web Server that came with the Windows98 SE CD I discovered that the famous IIS 4/5 Unicode Directory Traversal Vulnerability applies also to this Server just as bad as in IIS. The exploit method is the same : http://PWS-server/scripts/..%c1%9c../windows/notepad.exe I wont go in to detail on how to exploit a Windows machine... (Sorry script kiddies)... Patches: Dunno. Quickfixes: Use Linux. Dinos Pastos - dinopio () linux com cy Security Advisor
Current thread:
- Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability Dinos Pastos (Mar 19)
- <Possible follow-ups>
- Re: Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability Microsoft Security Response Center (Mar 20)
- Re: Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability Dinos Pastos (Mar 20)
- Re: Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability David F. Skoll (Mar 20)
- Re: Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability Michael Brennen (Mar 21)
- Re: Microsoft - Personal Web Server Extended UNICODE Directory Traversal Vulnerability Robert Bihlmeyer (Mar 21)