Vulnerability Development mailing list archives
(here we go again) more info on MS00-057?
From: rain forest puppy <rfp () WIRETRIP NET>
Date: Wed, 16 Aug 2000 10:10:49 -0500
Ok, MS released MS00-057: file permission canonicalization vulnerability for IIS 4.0 and 5.0. It causes IIS to use permissions on parent folders, rather than the actual permissions on the files/folders(?). Does anyone have any exact exploit information on this? Burt Abreu & Sren Skov of VBExplorer.com, would you like to post some more info? If you can cause IIS to inherit different permissions on files, then it may be possible to use stuff like, oh, say dvwssr.dll *without* needing authoring permission, allowing you to read source or use that handy-dandy buffer overflow. - rfp
Current thread:
- (here we go again) more info on MS00-057? rain forest puppy (Aug 17)