DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  IIS


SYSTEMS AFFECTED

  Win NT 4.0

  

PROBLEM


    This vulnerability was originally presented on:



        www.ntshop.com/security



    and this text or shape of it is their credit.



    A URL such as:



        http://www.domain.com/scripts/exploit.bat>PATH\target.bat



    will create a file 'target.bat'.



    If the file 'target.bat' exists, the file will be truncated.





EXPLOIT

  

SOLUTION


    Truncation attacks  are a  result of  .BAT and  .CMD file mapping.

    MS made patch available. You  can also disable .CMD and  .BAT file

    mapping (MIME  mapping) so  that the  NT Command  Interpreter will

    not act  on them.  Do this  manually by  using REGEDT32.EXE, which

    can be started from the Start Button | Run.  Under



        HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3SVC/Parameters/Script Map



    delete  the  keys  which  start  with  '.BAT' and '.CMD', and then

    restart IIS.