Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability

The Far East editions of Microsoft IIS do not properly validate HTTP requests containing double-byte character sets (DBCS) which may lead to the disclosure of files contained within the web root. The editions that are affected include Traditional Chinese, Simplified Chinese, Japanese, and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The problem was resolved with the release of SP6, however it has resurfaced in IIS 5.0. Non-Far East editions of IIS such as English are not affected by this vulnerability.

In the event that IIS Far East edition receives a HTTP request containing a double-byte character in the filename, it will verify for the presence of a lead-byte. If a lead-byte exists, IIS will proceed to check for a trail-byte. If a trail-byte is not present, IIS will automatically drop the lead-byte. Problems can arise due to the exclusion of the lead-byte because it will result in the opening of a different file from the one specified.

A malicious user may create a specially formed HTTP request containing DBCS to retrieve the contents of files located inside the web root. This may lead to the disclosure of sensitive information such as usernames and passwords.


Privacy Statement
Copyright 2010, SecurityFocus