This update resolves the "Web Server File Request Parsing" security vulnerability in Internet Information Services (IIS) 5.0 and is discussed in Microsoft Security Bulletin MS00-086. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests. When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server.
|File Size||503.61 kB|
|Operating System||Windows 2000 Windows XP Windows Windows 98|