| VID |
22098 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The dll "/_vti_bin/_vti_aut/dvwssr.dll" seems to be present.
This dll contains a bug which allows anyone with authoring web permissions on this system to alter the files of other users.
In addition to this, this file is subject to a buffer overflow which allows anyone to execute arbitrary commands on the server and/or disable it.
* References:
http://online.securityfocus.com/bid/1109
http://www.microsoft.com/technet/security/bulletin/ms00-025.asp |
| Recommendation |
Delete /_vti_bin/_vti_aut/dvwssr.dll immediately |
| Related URL |
CVE-2000-0260 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
