Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-01

Bugtraq Archives: Re: MS IIS 5.0 Access Violation on handling U

Re: MS IIS 5.0 Access Violation on handling URL String

Subject: Re: MS IIS 5.0 Access Violation on handling URL String
From: Michael Howard (mikehowMICROSOFT.COM)
Date: Mon Jan 17 2000 - 19:31:15 CST

Next message: William J Husler: "Re: TB2 Pro sending NT passwords cleartext"
Previous message: Firstname Lastname: "Re: Altavista Free Internet Security"
Maybe in reply to: Lark Lizerman: "MS IIS 5.0 Access Violation on handling URL String"
Next in thread: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"
Maybe reply: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

this is by design - the call inside iis is wrapped in an exception
handler and reporting the error. kinda like this:

try {
    char *pF = NULL;
    *pF = "Hello, there!";
} catch {
    // oops! there was an error
}

Cheers, Michael Howard
Windows 2000 Security
Got an 'Access Denied' problem? Check the appropriate logs first!

-----Original Message-----
From: Lark Lizerman [mailto:webmasterDOC2000.DE]
Sent: Thursday, January 13, 2000 7:06 PM
To: BUGTRAQSECURITYFOCUS.COM
Subject: MS IIS 5.0 Access Violation on handling URL String

Description:

MS IIS 5.0 has problems handling a specific form of URL ending with
"ida".
The extension ida has been taken from the Bugtraq posting "IIS revealing
webdirectories"
The problem causes 2 kind of results.
The one result is that the server responds with a message like
"URL String too long"; "Cannot find the specified path"

The other error causes the server to terminate with an Access Violation.
When the server "Access violates" it displays as last message:

File
d:\http\................................................................
........................................................................
........................................................................
............................................???????.
Error 0xc0000005 caught while processing query

<snip>

application/x-pkcs7-signature attachment: smime.p7s

Next message: William J Husler: "Re: TB2 Pro sending NT passwords cleartext"
Previous message: Firstname Lastname: "Re: Altavista Free Internet Security"
Maybe in reply to: Lark Lizerman: "MS IIS 5.0 Access Violation on handling URL String"
Next in thread: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"
Maybe reply: Michael Howard: "Re: MS IIS 5.0 Access Violation on handling URL String"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Tue Jan 18 2000 - 16:23:31 CST