Info

Disclosure

Jun 04, 1999

Discovery

Unknown

Dates

Exploit

Jun 04, 1999

Solution

Unknown

Description

Microsoft IIS webserver contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a request for a non-existent IDC file, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation	Windows NT Server 4.0	SP1
		SP2
		SP3
		SP5
		SP4

References

Exploit Database: 19239
Bugtraq ID: 299
Mail List Post: http://marc.info/?l=ntbugtraq&m=92851708801447&w=2

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/83386

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows NT Server 4.0

References

Credit