COMMAND

    IIS

SYSTEMS AFFECTED

    Win NT with IIS 4.0

PROBLEM

    Pete Blumenthal found the following.  While working with Microsoft
    IIS 4.0, MS Windows NT Server 4.0 SP3 Stand Alone, and MS Posting
    Acceptor, he has been able to reproduce, in a controlled manner,
    IIS switching users.  When uploadN.asp or a similar form is used
    to submit upload files to the Posting Acceptor's cpshost.dll using
    RFC 1867 (enctype="multipart/form-data"), the Posting Acceptor
    caches all ServerVariables (environment variables), including the
    user name and password data, of the first user to upload a file
    since the server was powered on.

    The second and all subsequent uses of the Posting Acceptor,
    including use by other users on a system, will have the same
    ServerVariables as the first uploader during execution of
    repost.asp.  This includes having the same AUTH_USER and
    AUTH_PASSWORD fields.  This means that repost.asp, which is
    supposed to be used for processing uploaded files and displaying
    confirmation information, will process the uploaded file with the
    wrong user rights: the rights of the first user to upload a file
    since boot up.  Stopping and restarting IIS has no effect; the
    cached ServerVariables remain.
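
    The identity mix-up described above, reduced to a small C model.
    This is an added example, not code from the original report or
    from Microsoft; the struct and function names and the sample users
    are hypothetical.  It contrasts variables captured once into
    process-wide state with variables read from each request, and
    counts requests handled under the wrong identity.

```c
/* Model of the failure mode only; not cpshost.dll or repost.asp code.
   All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

struct request { const char *auth_user; const char *file; };
struct vars    { char auth_user[64]; };

/* Constructed sample: three users upload in this order. */
static const struct request sample[] = {
    { "alice", "a.doc" }, { "bob", "b.doc" }, { "carol", "c.doc" },
};

/* Flawed pattern: server variables captured once into process-wide
   state, so every later request sees the first uploader's identity. */
static struct vars cached;
static int cached_valid;

const char *repost_user_cached(const struct request *r) {
    if (!cached_valid) {
        snprintf(cached.auth_user, sizeof cached.auth_user, "%s", r->auth_user);
        cached_valid = 1;
    }
    return cached.auth_user;
}

/* Request-scoped pattern: identity copied from the current request. */
const char *repost_user_fresh(const struct request *r, struct vars *out) {
    snprintf(out->auth_user, sizeof out->auth_user, "%s", r->auth_user);
    return out->auth_user;
}

/* Regression check: how many requests were handled under an identity
   other than the one that authenticated the request? */
int count_mismatches(const struct request *reqs, int n, int use_cache) {
    int bad = 0;
    for (int i = 0; i < n; i++) {
        struct vars v;
        const char *seen = use_cache ? repost_user_cached(&reqs[i])
                                     : repost_user_fresh(&reqs[i], &v);
        if (strcmp(seen, reqs[i].auth_user) != 0) bad++;
    }
    return bad;
}

int main(void) {
    printf("cached: %d mismatches\n", count_mismatches(sample, 3, 1));
    printf("fresh:  %d mismatches\n", count_mismatches(sample, 3, 0));
    return 0;
}
```

    The model keeps its cache in process memory, so it does not
    reproduce the reported persistence across an IIS stop and restart.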

SOLUTION

    User rights and environment variables on pages other than
    repost.asp are unaffected.  No other information regarding a
    workaround or fix is available right now.