DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  IIS

SYSTEMS AFFECTED

  NT 4.0, IIS 1.0
  

PROBLEM


    A URL such as  'http://www.domain.com/..\..' allows you to  browse
    and  download  files  outside   of  the  webserver  content   root
    directory.

    A  URL  such  as   'http://www.domain.com/scripts..\..\scriptname'
    allows you to execute the target script.

    By default, the user 'Guest' or IUSR_WWW has read access to all
    files on an NT disk. These files can be browsed, executed or
    downloaded by wandering guests.

    For verification, check:

        http://www.omna.com/iis-bug.htm
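
    The check that a server has to make before mapping such a URL to a
    file, as an added example (not code from the advisory or from IIS).
    The content root and the policy of refusing any segment that ends in
    a dot or contains a colon are assumptions made for this sketch.

```python
import ntpath
from urllib.parse import unquote, urlsplit

# Assumed content root for this example; not taken from the advisory.
CONTENT_ROOT = r"C:\InetPub\wwwroot"


def resolve_under_root(url, root=CONTENT_ROOT):
    """Map a request URL to a Windows file path under root.

    Returns the normalized path, or None when the request must be refused.
    """
    # Decode first so the checks see the same characters the filesystem would.
    path = unquote(urlsplit(url).path)
    # The advisory's URLs use '..\' rather than '../', so both characters
    # must be treated as path separators before any check is made.
    segments = [s for s in path.replace("/", "\\").split("\\") if s]
    for seg in segments:
        # Refuse '.', '..' and names such as 'scripts..' (trailing dot), and
        # anything with a colon (drive letter). Conservative example policy.
        if seg.endswith(".") or ":" in seg:
            return None
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, *segments))
    # Defence in depth: the normalized result must still sit inside the root.
    # NT file names are case-insensitive, so compare lower-cased strings.
    c, r = candidate.lower(), root_norm.lower()
    inside = c == r or c.startswith(r + "\\")
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed sample requests; the last two are the forms in the advisory.
    for url in (
        "http://www.domain.com/default.htm",
        "http://www.domain.com/..\\..",
        "http://www.domain.com/scripts..\\..\\scriptname",
    ):
        print(f"{url:50} -> {resolve_under_root(url)}")
```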



EXPLOIT

  

SOLUTION


    Upgrade your version of IIS.