CVE-2006-6578 (internet_information_services)

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using when it is in a web directory with certain permissions.

View Full Alert

Leave a Reply