|
CVE Reference: CVE-2006-6578
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2006-6578
|
|
Description:
Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.
|
|
CVE Status:
Candidate
|
|
References:
SREASON
http://securityreason.com/securityalert/2036
BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/454268/100/0/threaded
|
|
|
Return to the previous page.
|
