Tutorial - Vulnerable Web Server (UNICODE)
Impact
Microsoft IIS 4.0 and 5.0 are both vulnerable to double-dot "../" directory traversal if extended UNICODE character representations are used in place of "/" and "\".
Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default. Therefore, any file that is accessible to these groups and resides on the same logical drive as any web-accessible file can be deleted, modified, or executed.
Successful exploitation would give a remote user possessing no credentials whatsoever the same privileges as a user who could successfully log on to the system.
It has been discovered that a Windows 98 host running Microsoft Personal Web Server is also subject to this vulnerability.
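A detection sketch for the substitution described above, added here as an example and not part of the original advisory. It assumes the "extended UNICODE representations" arrive as well-formed overlong UTF-8 sequences in the percent-encoded request path; the function names and the sample URIs are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}

def normalize(raw: bytes):
    """Fold overlong UTF-8 sequences to the character they encode.

    Returns (text, folded): the bytes as text with each overlong sequence
    replaced, and the list of characters that were folded.
    """
    out, folded, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        n = (2 if (b & 0xE0) == 0xC0 else 3 if (b & 0xF0) == 0xE0
             else 4 if (b & 0xF8) == 0xF0 else 1)
        tail = raw[i + 1:i + n]
        if n > 1 and len(tail) == n - 1 and all((t & 0xC0) == 0x80 for t in tail):
            cp = b & (0xFF >> (n + 1))      # payload bits of the lead byte
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)
            if cp < MIN_CP[n]:              # a shorter form exists: overlong
                folded.append(chr(cp))
                out.append(chr(cp))
                i += n
                continue
        out.append(chr(b))                  # ordinary byte, kept as-is
        i += 1
    return "".join(out), folded

def check_request(uri: str) -> dict:
    """Flag a request URI that hides '/' or '\\' in an overlong encoding."""
    path = uri.split("?", 1)[0]
    text, folded = normalize(unquote_to_bytes(path))
    hidden_sep = any(c in "/\\" for c in folded)
    segments = re.split(r"[/\\]", text)
    return {"overlong_separator": hidden_sep,
            "traversal": hidden_sep and ".." in segments}

# Constructed request URIs (not taken from the page or from real logs).
SAMPLE = [
    "/docs/index.html",
    "/docs/..%c0%af../example.txt",   # overlong 2-byte form of "/"
    "/docs/..%c1%9c../example.txt",   # overlong 2-byte form of "\"
    "/docs/caf%c3%a9.html",           # legitimate 2-byte UTF-8, not overlong
]

if __name__ == "__main__":
    for uri in SAMPLE:
        print(uri, check_request(uri))
```

The check decodes percent-encoding once and does not cover malformed continuation bytes or double-encoded input, so treat a clean result as "no well-formed overlong separator", not as proof the request is benign.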
Resolution
The patch released with the advisory MS00-057 (http://www.microsoft.com/technet/security/bulletin/ms00-057.asp) eliminates this vulnerability, so those who have already applied this patch do not have to take any further action.
Reference
www.securityfocus.com/bid/1806