Microsoft IIS Escape Character Parsing Vulnerability

Bugtraq ID: 886
Class: Input Validation Error
CVE:
Remote: Yes
Local: Yes
Published: Dec 21 1999 12:00AM
Updated: Dec 21 1999 12:00AM
Credit: Reported to Microsoft by the ACROS Security Team and publicized in a Microsoft Security Bulletin released December 21, 1999.
Vulnerable: Microsoft Site Server Commerce Edition 3.0 i386
+ Hancom Hancom Office 2007 0
 - Microsoft BackOffice 4.5
 - Microsoft BackOffice 4.5
 + Microsoft Commercial Internet System 2.0
 + Microsoft Site Server Commerce Edition 3.0 alpha
 - Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP3
 Microsoft Site Server Commerce Edition 3.0 alpha
- Microsoft BackOffice 4.5
 - Microsoft BackOffice 4.5
 - Microsoft IIS 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6a
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP6
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP5
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP4
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Enterprise Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6a
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP6
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP5
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP4
 - Microsoft Windows NT Server 4.0 SP3
 - Microsoft Windows NT Server 4.0 SP3
 Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
 + Hancom Hancom Office 2007 0
 + Microsoft BackOffice 4.5
 + Microsoft BackOffice 4.5
 + Microsoft Windows NT 4.0 Option Pack
+ Microsoft Windows NT 4.0 Option Pack
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus