COMMAND

IIS

SYSTEMS AFFECTED

NT 4.0

PROBLEM

This vulnerability was originally presented on www.ntshop.com/security, and credit for this text, or the shape of it, is theirs. A URL such as http://www.domain.com/scripts/script_name%0A%0D>PATH\target.bat will create an output file 'target.bat'.

EXPLOIT

SOLUTION

Redirection attacks are a result of .BAT and .CMD file mapping. Microsoft has made a patch available. You can also disable .CMD and .BAT file mapping (MIME mapping) so that the NT Command Interpreter will not act on them. Do this manually using REGEDT32.EXE, which can be started from the Start Button | Run. Under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3SVC/Parameters/Script Map, delete the keys which start with '.BAT' and '.CMD', and then restart IIS.
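To check existing web logs for the request pattern described under PROBLEM, the following sketch decodes each request target and flags encoded newlines, redirection characters and .BAT/.CMD references. It is an added example, not code from the original advisory; the log layout, the addresses, the function names and the reason labels are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in a simplified "client method target" layout.
# This is not a real IIS log format; adapt the split in scan() to your logs.
SAMPLE_LOG = [
    r"10.0.0.5 GET /default.htm",
    r"10.0.0.9 GET /scripts/script_name%0A%0D>PATH\target.bat",
    r"10.0.0.9 GET /scripts/script_name%0a%0d%3EPATH%5Ctarget.bat",
    r"10.0.0.7 GET /scripts/report.cmd?year=1997",
    r"10.0.0.5 GET /images/logo.gif",
]

NEWLINE = re.compile(r"[\r\n]")          # decoded %0A / %0D
REDIRECT = re.compile(r"[<>|]")          # command interpreter redirection or pipe
BATCH_REF = re.compile(r"\.(bat|cmd)(?![a-z0-9])", re.IGNORECASE)


def inspect_target(target):
    """Return the reasons a request target matches the advisory's pattern."""
    decoded = unquote(target)            # one decoding pass: %3E -> ">", %5C -> "\"
    reasons = []
    if NEWLINE.search(decoded):
        reasons.append("encoded-newline")
    if REDIRECT.search(decoded):
        reasons.append("redirection")
    if BATCH_REF.search(decoded):
        reasons.append("bat-cmd-reference")
    return reasons


def scan(lines):
    """Yield-free helper: list of (line number, raw target, reasons) for flagged lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue                     # skip lines that do not fit the layout
        reasons = inspect_target(parts[2])
        if reasons:
            findings.append((lineno, parts[2], reasons))
    return findings


if __name__ == "__main__":
    for lineno, target, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {target} -> {', '.join(reasons)}")
```

A line flagged only with bat-cmd-reference shows that a .BAT or .CMD script is being requested at all, which is worth reviewing against the Script Map change described under SOLUTION.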