New vulnerability has been discovered by Soroush Dalili in the latest popular Microsoft web server IIS, the vulnerability allows an attacker to bypass the IIS security and execute remotely a malicious code on the system.
According to the researcher the gap exist due to the web server incorrectly executing e.g. ASP code included in a file having multiple extensions separated by “;”, only one internal extension being equal to “.asp” (e.g. “file.asp;.jpg”). This can be exploited to potentially upload and execute arbitrary ASP code via a third-party application using file extensions to restrict uploaded file types.
On the other hand secunia confirmed the vulnerability on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version 6. Other versions may also be affected and the solution is by Restricting file uploads to only trusted users.
make sure you subscribe to my RSS feed!