MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check)
High Nessus Plugin ID 10671
SynopsisArbitrary commands can be executed on the remote web server.
DescriptionWhen IIS receives a user request to run a script, it renders the request in a decoded canonical form, and then performs security checks on the decoded request. A vulnerability results because a second, superfluous decoding pass is performed after the initial security checks are completed. Thus, a specially crafted request could allow an attacker to execute arbitrary commands on the IIS Server.
SolutionMicrosoft has released a set of patches for IIS 4.0 and 5.0.