PROBLEM: Microsoft has identified a canonical error in the Internet Information Server (IIS). Unicode Exploit. PLATFORM: Any platforms running Microsoft IIS 4.0 and 5.0 DAMAGE: A particular type of malformed URL may allow access to files and folders that lie anywhere on the logical drive. SOLUTION: Apply appropriate patches as indicated below.
VULNERABILITY Risk is MEDIUM. The vulnerability affects system security and is ASSESSMENT: publicly known. Patches should be applied as soon as possible.
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: firstname.lastname@example.org World Wide Web: http://www.ciac.org/ http://ciac.llnl.gov (same machine -- either one will work) Anonymous FTP: ftp.ciac.org ciac.llnl.gov (same machine -- either one will work)