Reported January 29, 2001, by Microsoft.
- Internet Information Server 4.0
- Internet Information Server 5.0
Microsoft has issued a patch for a new variation of the “File Fragment Reading via .HTR” vulnerability. A malicious user can use this vulnerability to read .asp files.
Microsoft has released a security bulletin, MS01-004. Microsoft recommends that users disable .htr functionality and not store sensitive information on a Web server.
Discovered by Microsoft.