• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability

Solution:
Taken from the VIGILANTE security advisory:

"The Microsoft Security Response Center has investigated the report, but we note that the problem as reported would only affect an IIS server that has been configured to use a FAT volume. However, by design, FAT doesn't provide a security mechanism, and it's never an appropriate file system to use on a production web server. Instead, as discussed in Microsoft's best practices guides and security checklists (http://www.microsoft.com/technet/security/tools.asp), production servers should always use NTFS volumes. The reported problem does not affect systems using NTFS".

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.