Reported December 13, 2000 by NSFocus

VERSIONS AFFECTED
  • Microsoft IIS 4.0 Far East Version
  • Microsoft IIS 5.0 Far East Version

DESCRIPTION

A vulnerability exists in Microsoft IIS Far East 4.0 and 5.0.  A malicious attacker uses the vulnerability to read files in the Web directory. By submitting  a malformed URL, an attacker can obtain the contents of files.

VENDOR RESPONSE

Microsoft was informed of the issue on December 8, 2000.

CREDIT
Discovered by
NSFocus