IIS Unicode Directory Traversal

Added: 07/03/2006
CVE: CVE-2000-0884
BID: 1806
OSVDB: 436

Background

Microsoft IIS is a web server for Windows platforms.

Problem

Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by encoding invalid characters in Unicode. For example, a slash character is represented as %c0%af. This allows remote attackers to access any executable file on the system using a directory traversal attack from the /scripts virtual directory, leading to command execution.
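
One way to spot this encoding in request logs, as an added example that is not part of the original advisory or of any vendor's code. It generalizes from %c0%af to any overlong 2- or 3-byte UTF-8 sequence; the log layout, addresses, and file names are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

PATH_CHARS = {"/", "\\", "."}  # characters a path validation check looks for

def is_cont(byte):
    """True for a UTF-8 continuation byte (10xxxxxx)."""
    return byte & 0xC0 == 0x80

def overlong_sequences(raw_path):
    """Return (offset, hex bytes, decoded char) for each overlong 2- or
    3-byte UTF-8 sequence in a percent-encoded path."""
    data = unquote_to_bytes(raw_path)
    hits, i = [], 0
    while i < len(data):
        b, rest = data[i], data[i + 1:i + 3]
        if b in (0xC0, 0xC1) and len(rest) >= 1 and is_cont(rest[0]):
            # Lead byte 0xC0/0xC1 always encodes a code point below 0x80.
            cp, size = ((b & 0x1F) << 6) | (rest[0] & 0x3F), 2
        elif (b == 0xE0 and len(rest) == 2 and 0x80 <= rest[0] <= 0x9F
              and is_cont(rest[1])):
            # E0 followed by 80..9F encodes a code point below 0x800.
            cp, size = ((rest[0] & 0x3F) << 6) | (rest[1] & 0x3F), 3
        else:
            i += 1
            continue
        hits.append((i, data[i:i + size].hex(), chr(cp)))
        i += size
    return hits

def flag_requests(log_lines):
    """Return (client_ip, uri, hidden chars) for requests whose URI hides
    a path character behind an overlong encoding."""
    flagged = []
    for line in log_lines:
        fields = line.split()  # assumed layout: date time ip method uri status
        if len(fields) < 6:
            continue
        ip, uri = fields[2], fields[4]
        hidden = [ch for _, _, ch in overlong_sequences(uri) if ch in PATH_CHARS]
        if hidden:
            flagged.append((ip, uri, hidden))
    return flagged

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    "2000-10-20 10:00:01 192.0.2.10 GET /scripts/..%c0%af../example.exe 404",
    "2000-10-20 10:00:02 192.0.2.11 GET /docs/caf%c3%a9.html 200",
    "2000-10-20 10:00:03 192.0.2.12 GET /scripts/..%c1%9c../example.exe 404",
    "2000-10-20 10:00:04 192.0.2.13 GET /images/logo.gif 200",
]
```

The second sample line carries a legitimate two-byte UTF-8 character and is not flagged, which is the distinction a plain search for percent-encoded bytes would miss.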

Resolution

Install the patch referenced in Microsoft Security Bulletin 00-078.

References

http://archives.neohapsis.com/archives/bugtraq/2000-10/0263.html

Limitations

Certain characters are disallowed when using this exploit to run commands.

Platforms

Windows
