Win2K/IIS 5.0 remote system access vulnerability


Author: JT Smith

eEye Digital Security issued a
security bulletin
today warning that all servers running Microsoft Windows 2000 and Microsoft IIS 5.0 can be remotely compromised, giving system-level access. As
Microsoft’s writeup
says, “It would give the attacker complete control of the server. She could load and execute any program she chose on the machine,” etc. eEye has kindly not made its exploit public and waited for Microsoft to issue its patch before making the announcement.


  • Linux