COMMAND

    IIS

SYSTEMS AFFECTED

    Win NT 4.0

PROBLEM

    This vulnerability was originally presented at www.ntshop.com/security, and credit for this text, or the shape of it, is theirs. A URL such as:

        http://www.domain.com/scripts/exploit.bat>PATH\target.bat

    will create a file 'target.bat'. If the file 'target.bat' already exists, it will be truncated.

SOLUTION

    Truncation attacks are a result of .BAT and .CMD file mapping: requests for these files are handed to the NT Command Interpreter, which treats '>' as output redirection. Microsoft has made a patch available. You can also disable .CMD and .BAT file mapping (MIME mapping) so that the NT Command Interpreter will not act on them. Do this manually with REGEDT32.EXE, which can be started from the Start Button | Run. Under

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Script Map

    delete the keys which start with '.BAT' and '.CMD', and then restart IIS.
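To check whether a server has already received requests of the kind described above, the web logs can be searched for .BAT or .CMD requests that carry a '>' redirection. The following is an added example, not part of the original advisory; the log field layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not real traffic). Assumed field layout:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
1998-01-05 10:02:11 192.0.2.10 GET /default.htm - 200
1998-01-05 10:02:40 192.0.2.77 GET /scripts/exploit.bat>PATH\\target.bat - 200
1998-01-05 10:03:02 192.0.2.77 GET /scripts/report.cmd%3Eout.txt - 502
1998-01-05 10:03:30 192.0.2.15 GET /scripts/status.bat - 200
1998-01-05 10:04:12 192.0.2.15 GET /docs/a%3Eb.htm - 404
1998-01-05 10:05:00 192.0.2.90 GET /scripts/job.CMD id=1%253Elog.txt 200
"""

# A .bat/.cmd script name followed, anywhere later in the request, by '>'.
REDIRECT_TO_FILE = re.compile(r"\.(?:bat|cmd)\b[^\r\n]*>", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly, so a '>' logged as %3E or %253E is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_truncation_attempts(log_text):
    """Return (client_ip, decoded_request) for each suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip header directives and malformed lines
        _date, _time, client, _method, stem, query, _status = fields
        request = stem if query == "-" else stem + "?" + query
        request = fully_decode(request)
        if REDIRECT_TO_FILE.search(request):
            hits.append((client, request))
    return hits

if __name__ == "__main__":
    for client, request in find_truncation_attempts(SAMPLE_LOG):
        print(client, request)
```

A hit means the request reached a mapped script with a redirection attached; whether a file was created or truncated still has to be confirmed on disk.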