Security flaw in Microsoft IIS

Peaches

By Peaches,
in Security Alerts

 Share Followers 0

Recommended Posts

Peaches

Peaches

Posted
Posted
28 December 2009, 10:17

Security flaw in Microsoft IIS

Soroush Dalili has discovered that various versions of Microsoft's Internet Information Services (IIS) contain a security flaw that can be exploited to inject and execute malicious code on Windows web servers. Dalili writesfile-pdf.gif that the problem occurs during the parsing of filenames with a semicolon extension in IIS. When ";.jpg" is added to an .asp file, for instance, systems that merely analyze the executability of code based on the ultimate file ending can be duped; a file entitled "malicious.asp;.jpg" would then be executed as an .asp file.

More at Heise security - http://www.h-online....IIS-892881.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing