Key Details of IIS5 File-Fragment Reading via Malformed HTR Request Vulnerability Patch

  • Stop malicious users from controlling your Web server.
  • Last updated on February 8, 2017
  • There have been 6 updates
  • Also available on
  • Virus scan status:

    Clean (it's extremely likely that this software program is clean)


Developer's Description

Stop malicious users from controlling your Web server.
This vulnerability involves a new variant of the 'File Fragment Reading via .HTR' vulnerability, previous variants of which were discussed in Microsoft Security Bulletins MS00-031 and MS00-044. Like the original variants, this one could enable an attacker to request a file in a way that would cause it to be processed by the HTR ISAPI extension. The result of doing this is that fragments of server-side files, such as ASP files, could potentially be sent to the attacker.

Customers who have previously disabled the HTR functionality would not be affected by this vulnerability. Microsoft recommends that all customers who haven't already disabled HTR do so, unless there is a business-critical reason for keeping it. For the latter group of customers, this patch will eliminate this vulnerability.



Explore More


Full Specifications

GENERAL
Release
March 12, 2001
Latest update
February 8, 2017
Version
ms01-004
OPERATING SYSTEMS
Platform
Windows
Operating System
  • Windows 10
  • Windows 2000
Additional Requirements
Windows 2000
POPULARITY
Total Downloads
13,913
Downloads Last Week
0

Report Software

Related Software


User Reviews

5/5

1 User Votes