PROHACK - 2 new articles



IIS service vulnerability leaves users open to attack

Another critical vulnerability has been found in the Microsoft IIS web service. It allows malicious users to upload malicious files by appending innocent filename extensions like "jpg" to them. The problem arises from the way Microsoft IIS parses file names with colons or semicolons in them, which can allow attackers to bypass filters and potentially trick the server into running malware.

Soroush Dalili, the security researcher who found the flaw, commented: "Impact of this vulnerability is absolutely high as an attacker can bypass file extension protections by using a semicolon after an executable extension such as '.asp,' '.cer,' '.asa' and so on." He continued: "Many web applications are vulnerable against file uploading attacks because of this weakness of IIS."

Secunia, a Danish computer security service provider, confirmed the bug on a machine running a fully patched version of Windows 2003 R2 SP2 with Microsoft IIS version 6.

A Microsoft spokeswoman said company researchers are investigating the report. They are not aware of attacks targeting the reported vulnerability, she said.
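The filter bypass described above, seen from the upload handler's side, as an added example that is not part of the original article: a check that trusts only the last extension, next to one that rejects the colon and semicolon separators and inspects every dotted segment. The allow list, function names and sample file names are assumptions made for illustration.

```python
import os

# Assumption for this example: the application only accepts image uploads.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Executable extensions named in the article.
EXECUTABLE_EXTENSIONS = {".asp", ".cer", ".asa"}
# Characters involved in the file name parsing problem described above.
SEPARATORS = (";", ":")


def naive_is_allowed(filename):
    """Weak check: trusts only the text after the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def strict_is_allowed(filename):
    """Return (ok, reason); rejects names the web server could parse differently."""
    # Drop any client-supplied directory part before inspecting the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or any(sep in name for sep in SEPARATORS):
        return False, "separator character in filename"
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing base name or extension"
    # Conservative policy: look at every dotted segment, not just the last one.
    inner = {"." + p for p in parts[1:-1]}
    if inner & EXECUTABLE_EXTENSIONS:
        return False, "executable extension inside filename"
    if "." + parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allow list"
    return True, "ok"


# Constructed sample names, not taken from the article.
SAMPLES = ["holiday.jpg", "page.asp;.jpg", "page.asp:.jpg", "page.asa.jpg", "notes.txt"]


def compare(samples=SAMPLES):
    """Map each name to (naive verdict, strict verdict)."""
    return {s: (naive_is_allowed(s), strict_is_allowed(s)[0]) for s in samples}


if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name!r:20} naive={naive!s:5} strict={strict}")
```

Storing uploads under a server-generated name with a fixed extension, in a directory where script execution is disabled, removes the dependency on file name parsing altogether.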

 

Via The Registrar

 

POSTED BY XERO. ALL RIGHTS RESERVED.


Exams Over..Well Almost and I am Back :)

First of all, a very Merry Christmas, friends. Sorry for the late update, but I was having my final exams and was quite busy with them. Today they have been partially completed (I mean I have just 2 exams left, with ample time of 16 days to get hold of things in between) and hence I'm back with my techno-security babble. In the meantime I messed with my new cellphone (a Nokia 3120 classic), played Halo, decided to pursue RHCE and hung out with girls :)

Ah well... Finally it's over :)

Well, I will be getting more time now with my blog and that's a good thing, both for you loyal followers of PROHACK and for me :) cuz I have learnt more from this blog than from anything else.

 

Thanks for Being a Pro :)

XERO
