DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  IIS

SYSTEMS AFFECTED

  Win NT 4.0
  

PROBLEM


    This vulnerability was originally presented on:

        www.ntshop.com/security

    and this text or shape of it is their credit.

    A URL such as:

        http://www.domain.com/scripts/exploit.bat>PATH\target.bat

    will create a file 'target.bat'.

    If the file 'target.bat' exists, the file will be truncated.



EXPLOIT

  

SOLUTION


    Truncation attacks  are a  result of  .BAT and  .CMD file mapping.
    MS made patch available. You  can also disable .CMD and  .BAT file
    mapping (MIME  mapping) so  that the  NT Command  Interpreter will
    not act  on them.  Do this  manually by  using REGEDT32.EXE, which
    can be started from the Start Button | Run.  Under

        HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3SVC/Parameters/Script Map

    delete  the  keys  which  start  with  '.BAT' and '.CMD', and then
    restart IIS.