COMMAND

    IIS (A URL such as http)

SYSTEMS AFFECTED

    NT 4.0

PROBLEM

    This vulnerability was originally presented on:

        www.ntshop.com/security

    and this text or shape of it is their credit.

    URL such as

	http://www.domain.com/scripts/script_name%0A%0D>PATH\target.bat

    will create an output file 'target.bat'.

SOLUTION

    Redirection attacks are  a result of  .BAT and .CMD  file mapping.
    MS made patch available. You  can also disable .CMD and  .BAT file
    mapping (MIME  mapping) so  that the  NT Command  Interpreter will
    not act  on them.  Do this  manually by  using REGEDT32.EXE, which
    can be started from the Start Button | Run.  Under

	HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3SVC/Parameters/Script Map

    delete  the  keys  which  start  with  '.BAT' and '.CMD', and then
    restart IIS.