Vulnerability Development mailing list archives

Re: Unicode and IIS 2.0

From: w1re p4ir <w1rep4ir () DISINFO NET>
Date: Wed, 17 Jan 2001 21:00:20 -0000

IIS 2.0 Is vulnerable to the attack. I checked it running on a NT 4 server. Although i was having problems getting the 
tftp to connect to my server. Gave me weird reconnection issues. 

On Wed, 17 Jan 2001 16:22:14 +0100 Peter Osterberg <Peter_Osterberg () HOME SE> wrote:

Err,

I've made some further digging today and found that it was a IIS 4.0 server
although the banners reported IIS 2.0.

Sincerely

Peter Osterberg
Dagaz AB

At 21:48 2001-01-16, you wrote:

Hi,

during some activity today I found that IIS 2.0 also seems to be vulnerable
to the unicode bug.
I haven't been able to confirm that IIS 2.0 is installed on the remote
site, but that is at least what the banners report.

As I've followed the unicode thread I haven't seen that anyone has made
this observation before.

Sincerely,

Peter Osterberg
Dagaz AB

----------------------------------------------------------
Peter.Osterberg () dagaz se

www.dagaz.se
Slagthuset, Carlsgatan 12A, 10tr
211 20  Malmoe


_____________________________________________________________
Email your boss can't read - sign up for free disinfo.net email 
at http://www.disinfo.com, your gateway to the underground

Current thread:

Unicode and IIS 2.0 Peter Osterberg (Jan 16)
- <Possible follow-ups>
- Re: Unicode and IIS 2.0 Peter Osterberg (Jan 17)
- Re: Unicode and IIS 2.0 w1re p4ir (Jan 17)