[Dshield] IIS 5.1 DoS

stu secmail at patchsupplier.dyndns.org
Mon Dec 19 14:57:25 GMT 2005


Fun for Christmas?

 

http://www.frsirt.com/exploits/20051219.iis51dos.c.php

 

<Quote>

 

Microsoft IIS 5.1 Remote D.o.S Exploit by Kozan
 
Vulnerable: 
Microsoft Internet Information Server(r) V5.1
 
Not vulnerable: 
Microsoft Internet Information Server(r) V5.0 
Microsoft Internet Information Server(r) V6.0
 
Only folders with Execute Permissions set to 'Scripts & Executables' 
are affected, such as the '_vti_bin' directory.
 
inetinfo.exe will be crashed after exploitation finished successfully.

 

</Quote>

 

Presumably this works on Win XP Sp2. Anyone think pre-SP2 this will be
changed to execute code?

 

Stu



More information about the list mailing list