OSVDB ID: 275

Title: Microsoft IIS newdsn.exe Arbitrary File Creation

Info

Disclosure

Aug 27, 1997

Discovery

Unknown

Dates

Exploit

Aug 27, 1997

Solution

Unknown

Description

Microsoft IIS contains a flaw that allows a remote attacker to create arbitrary files or cause a denial of service on a remote server. The issue is due to the "newdsn.exe" CGI application not sanitizing the arguments provided to it. If an attacker is able to create a file on the system, it can be leveraged for additional privileges.

Classification

Unknown or Incomplete

Solution

Remove newdsn.exe from the /scripts/tools web directory. This is normally mapped to C:\InetPub\Scripts\Tools but may be found in a different location depending on your installation.

Products

Microsoft Corporation

IIS

2.0
3.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/275