Vulnerability in Microsoft IIS Allows Malicious File Uploads
Nov 12, 2010
A vulnerability has been identified in Microsoft Internet Information Services (IIS) that causes the server to incorrectly handle files with multiple extensions separated by the ";" character. For instance, a file named "malicious.asp;.jpg" is treated as an ASP file. This flaw allows attackers to upload malicious executables to a vulnerable web server, bypassing file extension protections and restrictions. Notably, ASP.NET is NOT affected by this vulnerability.

Impact and Versions Affected
This vulnerability affects all versions of Microsoft IIS. It works successfully on IIS 6 and earlier versions. IIS 7 has not been tested, but it does not work on IIS 7.5. The vulnerability was discovered in April 2008 but not reported until December 2009.

Severity and Exploitation
The impact on IIS is significant, as attackers can bypass file extension protections using a semi-colon after an executable extension, such as ".asp", ".cer", ".asa",...
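
The check below is an added example, not code from the article or from Microsoft: it shows why an upload filter that inspects only the final extension accepts "malicious.asp;.jpg", next to a stricter filter that refuses it and stores accepted files under a server-generated name. The image-only allowlist, the function names and the sample filenames are assumptions made for the illustration.

```python
import os
import secrets

# Assumed policy for this example: only image uploads are accepted.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Executable extensions named in the article.
EXECUTABLE_EXTENSIONS = {".asp", ".cer", ".asa"}


def naive_is_allowed(filename):
    """Weak check: looks only at the final extension."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def strict_is_allowed(filename):
    """Refuse names the server could interpret differently from the filter."""
    # Drop any client-supplied directory part and normalise case.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if not name or ";" in name:
        return False  # the article's bypass relies on ';' after ".asp"
    stem, ext = os.path.splitext(name)
    if ext not in ALLOWED_EXTENSIONS:
        return False
    # Refuse an executable extension anywhere else in the name.
    inner = {"." + part for part in stem.split(".")[1:]}
    return not (inner & EXECUTABLE_EXTENSIONS)


def storage_name(filename):
    """Return a server-generated name, or None when the upload is refused."""
    if not strict_is_allowed(filename):
        return None
    ext = os.path.splitext(filename)[1].lower()
    # The client-supplied name never reaches the file system.
    return secrets.token_hex(16) + ext


# Constructed sample filenames (not taken from real traffic).
SAMPLES = ["photo.jpg", "malicious.asp;.jpg", "report.asa.png", "notes.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, naive_is_allowed(sample), strict_is_allowed(sample))
```

Storing uploads outside any directory where the server executes scripts removes the dependence on filename parsing altogether.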