|
Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in Microsoft IIS using ASP Could Allow Remote Code Execution (917537) Vulnerability Scan
Vulnerability Scan Summary Acertains if hotfix 917537 has been installed
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to use the remote web server to exploit arbitrary code on the
remote host.
Description :
The remote host is running a version of Windows and IIS which is vulnerable
to a flaw which may allow a possible hacker who has the rights to upload
arbitrary ASP scripts to it to execute arbitrary code.
Specifically, the remote version of IIS is vulnerable to a flaw when parsing
specially crafted ASP files. By uploading a malicious ASP file on the remote
host, a possible hacker may be able to take the complete control of the remote
system.
Solution :
Microsoft has released a set of patches for Windows 2000, XP and 2003:
http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx
Threat Level:
Medium / CVSS Base Score : 4.2
(AV:R/AC:L/Au:R/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|