NT IIS idq.dll Directory Traversal Vulnerability

Solution:
Microsoft's webhits.dll patch addresses part of the issue. It is available at:

Intel:
http://www.microsoft.com/downloads/release.asp?ReleaseID=17727
Alpha:
http://www.microsoft.com/downloads/release.asp?ReleaseID=17728

IDQ files should also be edited to force the use of specific template files, which removes user input from template selection. For example:
Old -> CiTemplate=%TemplateName%
New -> CiTemplate=/path/actualtemplate.htx
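
To find IDQ files that still need this edit, the check below scans a directory tree and reports every CiTemplate line whose value is still filled in from a %name% request parameter. It is an added example, not part of the original advisory or of any Microsoft tooling; the function names, the sample file contents, treating lines that start with "#" as comments, and the extra check for ".." in a fixed path are assumptions made for illustration.

```python
import os
import re

# A %name% substitution token, the form used by the advisory's "Old" line.
SUBSTITUTION = re.compile(r"%[^%\s]+%")

def audit_idq(text):
    """Return (line_number, value, reason) for each risky CiTemplate line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, section headers and (assumed) '#' comment lines.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() != "citemplate":
            continue
        value = value.strip()
        if SUBSTITUTION.search(value):
            findings.append((lineno, value, "template chosen by request parameter"))
        elif ".." in value:
            findings.append((lineno, value, "fixed template path contains '..'"))
    return findings

def audit_tree(root):
    """Audit every *.idq file under root; return {path: findings}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".idq"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    hits = audit_idq(fh.read())
                if hits:
                    results[path] = hits
    return results

# Constructed sample files mirroring the advisory's Old and New lines.
SAMPLE_OLD = "[Query]\nCiColumns=filename,size\nCiRestriction=%CiRestriction%\nCiTemplate=%TemplateName%\n"
SAMPLE_NEW = "[Query]\nCiColumns=filename,size\nCiRestriction=%CiRestriction%\n# fixed template\nCiTemplate=/path/actualtemplate.htx\n"

if __name__ == "__main__":
    for label, sample in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(label, audit_idq(sample))
```

Only CiTemplate is examined; other parameters such as the query restriction are expected to carry user input and are not flagged.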



 

Copyright 2010, SecurityFocus