Microsoft: >> Internet Information Services >> 1.0 Security Vulnerabilities
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
CVSS Score
6.0
EPSS Score
0.148
Published
2009-12-29
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
CVSS Score
4.4
EPSS Score
0.002
Published
2006-12-15
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
CVSS Score
7.5
EPSS Score
0.043
Published
1997-01-01
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
CVSS Score
10.0
EPSS Score
0.295
Published
1996-02-25