COMMAND

    IIS (truncate)

SYSTEMS AFFECTED

    Win NT 4.0

PROBLEM

    This vulnerability was originally presented on:

        www.ntshop.com/security

    and this text or shape of it is their credit.

    A URL such as:

        http://www.domain.com/scripts/exploit.bat>PATH\target.bat

    will create a file 'target.bat'.

    If the file 'target.bat' exists, the file will be truncated.

SOLUTION

    Truncation attacks  are a  result of  .BAT and  .CMD file mapping.
    MS made patch available. You  can also disable .CMD and  .BAT file
    mapping (MIME  mapping) so  that the  NT Command  Interpreter will
    not act  on them.  Do this  manually by  using REGEDT32.EXE, which
    can be started from the Start Button | Run.  Under

        HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3SVC/Parameters/Script Map

    delete  the  keys  which  start  with  '.BAT' and '.CMD', and then
    restart IIS.