Microsoft Information for VU#264272

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "%3F+.htr"

Status

Affected

Vendor Statement

Microsoft has released Microsoft Security Bulletin MS01-004.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Note that there are two other variants of this vulnerability which are described in VU#35085/MS00-031 and VU#28565/MS01-004 respectively.

If you have feedback, comments, or additional information about this vulnerability, please send us email.