Microsoft tells that it's investigating reports of possible vulnerability in Microsoft IIS. "An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."
More information:
http://www.microsoft.com/technet/security/advisory/971492.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535
http://www.auscert.org.au/render.html?it=11001
http://isc.sans.org/diary.html?storyid=6397
http://www.milw0rm.com/exploits/8704
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment