Description: Inge Henriksen has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused by a boundary error in the Internet Information Services 5.1 URL parser and can be exploited via a specially crafted URL request.
Example:
http://[host]/[dir]/.dll/%01~0
Successful exploitation requires that "[dir]" is a virtual directory configured with "Scripts & Executables" execution permissions.
NOTE: IIS will automatically restart after a crash.
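Because IIS restarts on its own, a crash can go unnoticed, so reviewing the web logs for requests shaped like the example URL is a useful check. The following is an added example, not part of the advisory: the signature regex, the W3C field layout and the log lines are constructed assumptions, and it only covers stems logged in percent-encoded form.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample in W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.1
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-01-01 10:01:02 192.0.2.10 GET /scripts/.dll/%01~0 - 500
2006-01-01 10:01:05 192.0.2.11 GET /scripts/report.dll/run - 200
2006-01-01 10:01:09 192.0.2.12 GET /docs/index.htm - 200
2006-01-01 10:02:00 192.0.2.10 GET /cgi/.DLL/%1f~3 - 500
"""

# Assumed signature, modelled on the advisory's example URL: a "/.dll/"
# segment followed by a segment holding a control byte and "~<digit>".
SIGNATURE = re.compile(rb"/\.dll/[^/]*[\x00-\x1f][^/]*~\d", re.IGNORECASE)


def suspicious_requests(log_text):
    """Return (date, time, client IP, URI stem) for each matching request."""
    fields = []
    hits = []
    for line in log_text.split("\n"):
        line = line.rstrip("\r")
        if line.startswith("#Fields:"):
            # The directive names the columns for the entries that follow.
            fields = line.split(" ")[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "")
        # Decode %xx escapes to raw bytes so %01 and %1F are compared as bytes.
        if SIGNATURE.search(unquote_to_bytes(stem)):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"), stem))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(*hit)
```

Hits that line up with a service restart on the same host are the ones to investigate first.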
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.