COMMAND
ODBC
SYSTEMS AFFECTED
Windows NT/95/98
PROBLEM
Chris Knipe found following. The attack is HTML based and should
proove quite interesting on web sites that uses DSN or DBQ methods
of connecting to SQL or (The easiest to attack) Microsoft ACCESS
Databases. Some comsidere it a design flaw more than a bug. The
issue doesn't actually lock the inetinfo process, instead ASP
pages that utilize a ODBC connection will not execute. HTML
requests serviced by the same process will function. When this
issue arises, open up the performance monitor and look at the
Active Server Page "Requests Queued" value. This value, which is
normally at zero, will be at a very high value. What has
essentially happened is that no more ODBC connections are
available and each execution of the problematic ASP code is
queued, waiting for the ODBC resource to become available. This
resource will never become available because it has not been
closed. This is caused by failure to close the connection in the
ASP code. You run out of ODBC connections.
A method is available to "lock up" the entire IIS Server, which
will render any installed applications under the Windows NT
Option Pack useless. All web based applications (IIS Admin
Services, Web Publishing Services, and possible others) will lock
up and stop responding to any web requests, or any control
requests to stop or start such services. The vulnerability could
potentially allow a malicious web site developer to perform
actions under the ASP Programming language to render the web
server useless to local control, or content requests.
The Microsoft ODBC Database connectivity allows for a potential
flaw in the connecting and disconnecting from databases (More
related to Microsoft ACCESS databses than any other). Connecting
to a second database without disconnecting the first could
possibly render the service useless and will end up in the
Administrator to reboot the server to regain control of such
services.
How more wildly database connections are made, how better the
chances of hitting the hole and attacking the system. The risk
posed by this vulnerability is significantly restricted by the
fact that the affected database connection may be configured to
"run in a seperate memory block" or have special settings on the
database that "might" secure this vulnerability from accuring.
HOWEVER, in the most common installation and programming methods,
it is quite possible to still have an effective system.
Consider the following scenario:
- ODBC Connection Source Name: miscdb
- ODBC DataBase Type: MS Access
- ODBC Path: d:\data\misc.mdb
ASP Programming:
<%
set connVB = server.createobject("ADODB.Connection")
connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb"
%>
<html>
<body>
...lots of html removed...
<!-- We Connect to DB1 -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=miscdb;User=sa"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
'rsGlobal.close
'set rsGlobal = nothing
'connGlobal.close
'set connGlobal = nothing
' Note we do NOT close the connection
%>
<!-- Call the same database by means of DBQ direct file access -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)};
DBQ=d:\data\misc.mdb"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
' Note we DO close the connection
%>
In some cases, this will stall the IIS process, and CPU usage
will jump to 100% utilization by the inetinfo.exe process. To
current date, the only solution to my knowledge is to restart the
computer.
The attack is very "unpredictable". By unpredictable, we mean
that the exact same code may work perfectly for 15 days, then all
of a sudden, cpu usagage will jump to 100% and the inetinfo
process will be locked.
Affected Version:
- ODBC Version: 3.510.3711.0
- ODBC Access Driver Version: 3.51.1029.00
- OS Version: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
- Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
The complete ASP page from the site with affective inetinfo.exe
lockage is below. The single DSN connection revlected in the
relavent ASP source is a SQL Server, and hardly ever gives
problems. The second database, is directly connecting (DBQ) to a
Microsoft ACCESS database. NTFS File permissions is suffiecent
for the test reasons, and no security related problems are noted
in the tests. The attached ASP file locks up 90% of the time.
SQL Table Properties:
Table Name: History_Today
Table Layout:
Name: Type: Size:
his_month int 4
his_day int 4
his_year int 4
his_desc varchar 200
his_type varchar 1
Table Name: Holidays
Table Layout:
Name: Type: Size:
Month int 4
Day int 4
Holiday int 200
default.asp:
<% Response.Buffer = True %>
<% mTitleColor = "DARKRED"
mHeaderColor = "DARKBLUE"
mYearColor = "DARKGREEN"
mTextColor = "BLACK"
mTitle = "2000 Years In History: "
mBaseDir = "/votes/"
mAnswerDir = "answer.asp"
mResultsDir = "results.asp"
mVoteBoothDir = "default.asp"
set connVB = server.createobject("ADODB.Connection")
connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=D:\inetpub\data\votes.mdb"
set rsQuestList = connVB.Execute("SELECT qID, qQuestion, qDate from Question order by qID")
mQNo = 0
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Microsoft FrontPage 3.0">
<link rel="STYLESHEET" type="text/css" href="/style.css">
<script language="JavaScript" src="/global.js"></script>
<title>SunnyLine Internet Services</title>
<meta name="Microsoft Border" content="lb, default"></head>
<body ALINK="#FF0000" topmargin="0" leftmargin="0"><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td valign="top" width="1%">
<table align="left" valign="top" border="0" cellpadding="0" cellspacing="0" width="150" bgcolor="#666699" height="100%">
<tr>
<td align="left" valign="top" nowrap bgcolor="#666699"><div align="left"><table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><form ACTION="/search/search.asp" method="POST">
<p><input NAME="SearchString" SIZE="15" MAXLENGTH="100" value="Search"><input TYPE="submit" NAME="Action" VALUE="Go" class="button"> </p>
</form>
</td>
</tr>
<tr>
<td><form ACTION="/default.asp" METHOD="POST">
<p><select NAME="url" ONCHANGE="pageSelector(this.form);" size="1">
<option value="#">SELECT A TOPIC </option>
<option value="#">-------------- </option>
<option value="/">HOME</option>
<option value="/forums/"> > Web Forums</option>
<option value="/links/"> > Web Links</option>
<option value="/votes/"> > Voting Booth</option>
<option value="/net/thebest.asp"> > The Best Of The Net</option>
<option value="/support/">SUPPORT</option>
<option value="/support/dialup/settings.asp"> > Dialup Settings</option>
<option value="/support/tcpip/settings.asp"> > TCP/IP Settings</option>
<option value="/support/proxy/settings.asp"> > Proxy Settings</option>
<option value="/support/check.asp"> > Check Your Settings</option>
<option value="/support/faq.asp"> > F.A.Q</option>
<option value="/support/pops.asp"> > POP Numbers</option>
<option value="/support/network.asp"> > Network Statistics</option>
<option value="/services/dialup/">REMOTE ACCESS</option>
<option value="/services/dialup/"> > Dialup Access</option>
<option value="/services/dialup/vras/"> > V-RAS Dialup Access</option>
<option value="/services/hosting/">HOSTING</option>
<option value="/services/hosting/shared.asp"> > Shared Server Hosting</option>
<option value="/services/hosting/dedicated.asp"> > Dedicated Server Hosting</option>
<option value="/services/hosting/secure.asp"> > Secure Server Hosting</option>
<option value="/services/corporate/">CORPORATE ACCESS</option>
<option value="/services/corporate/leased.asp"> > Leased Lines</option>
<option value="/services/corporate/isdn.asp"> > ISDN Lines</option>
<option value="/services/corporate/isdnbackup.asp"> > ISDN Backup Lines</option>
<option value="/services/corporate/vpn.asp"> > Virtual Private Networks</option>
<option value="/services/corporate/guaranteedb.asp"> > Guaranteed Int. Bandwidth</option>
<option value="/services/corporate/ahb.asp"> > After Hours Bandwidth</option>
<option value="/services/corporate/multi.asp"> > Multi Homing</option>
<option value="/services/corporate/domains.asp"> > Domain Registrations</option>
<option value="/services/personal/">PERSONAL ACCESS</option>
<option value="/services/personal/leased.asp"> > Leased Lines</option>
<option value="/services/personal/isdn.asp"> > ISDN Lines</option>
<option value="/services/personal/domains.asp"> > Domain Registrations</option>
<option value="/security/">SECURITY SERVICES</option>
<option value="/security/firewall.asp"> > Firewalls</option>
<option value="/security/auth.asp"> > Authentication</option>
<option value="/security/vpn.asp"> > Virtual Private Networks</option>
<option value="/security/audit.asp"> > Audits & Assesments</option>
<option value="/security/content.asp"> > Content Security</option>
<option value="/security/bandwidth.asp"> > Bandwidth Management</option>
<option value="/security/intrusion.asp"> > Intrusion Detection</option>
<option value="/security/encryption.asp"> > Encryption Solutions</option>
<option value="/security/public.asp"> > Public Key Infrastructure</option>
<option value="/about/">ABOUT SUNNYLINE</option>
<option value="/about/info/"> > Company Information</option>
<option value="/about/media/"> > Media Center</option>
<option value="/about/contact/"> > Contact Information</option>
</select></p>
</form>
</td>
</tr>
</table>
</div><div align="left"><table border="0" cellspacing="0" cellpadding="0" width="178">
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Home</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img src="images/spacer.gif" width="1" height="1" border="0"></td>
<td valign="top" align="left" width="160"><a href="/forums/" class="link">Web Forums</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/links/" class="link">Web Links</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/votes/" class="link">Voting Booth</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/net/thebest.asp" class="link">The Best
Of The Net</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Support</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img src="images/spacer.gif" width="1" height="1" border="0"></td>
<td valign="top" align="left" width="160"><a href="/support/dialup/settings.asp" class="link">Dialup Settings</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/tcpip/settings.asp" class="link">TCP/IP Settings</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/proxy/settings.asp" class="link">Proxy Settings</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/check.asp" class="link">Check Your Settings</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/faq.asp" class="link">F.A.Q</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/pops.asp" class="link">POP
Numbers</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/support/network.asp" class="link">Network
Statistics</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Remote Access</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img src="images/spacer.gif" width="1" height="1" border="0"></td>
<td valign="top" align="left" width="160"><a href="/services/dialup/" class="link">Dialup Access</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/dialup/vras/" class="link">V-RAS
Dialup Access</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Hosting</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/hosting/shared.asp" class="link">Shared Server Hosting</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/hosting/dedicated.asp" class="link">Dedicated Server Hosting</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/hosting/secure.asp" class="link">Secure Server Hosting</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Corporate Access</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/leased.asp" class="link">Leased Lines</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/isdn.asp" class="link">ISDN Lines</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/isdnbackup.asp" class="link">ISDN Backup Lines</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/vpn.asp" class="link">Virtual Private Networking</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/guaranteedb.asp" class="link">Guaranteed Int. Bandwidth</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/ahb.asp" class="link">After Hours Bandwidth</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/multi.asp" class="link">Multi Homing</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/corporate/domains.asp" class="link">Domain Registrations</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Personal Access</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/personal/leased.asp" class="link">Leased Lines</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/personal/isdn.asp" class="link">ISDN Lines</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/personal/domains.asp" class="link">Domain Registrations</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>Security Services</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/firewall.asp" class="link">Firewalls</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/auth.asp" class="link">Authentication</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/vpn.asp" class="link">Virtual Private Networks</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/audit.asp" class="link">Audits & Assessments</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/content.asp" class="link">Content Security</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/bandwidth.asp" class="link">Bandwidth Management</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/intrusion.asp" class="link">Intrusion Detection</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/encryption.asp" class="link">Encryption Solutions</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/services/security/public.asp" class="link">Public Key Infrastructure</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img SRC="images/minus.gif" BORDER="0"></td>
<td valign="top" align="left" width="160"><b>About SunnyLine</b></td>
</tr>
<tr>
<td valign="top" align="right" width="18"><img src="images/spacer.gif" width="1" height="1" border="0"></td>
<td valign="top" align="left" width="160"><a href="/about/info/" class="link">Company
Information</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/about/media/" class="link">Media
Center</a></td>
</tr>
<tr>
<td valign="top" align="right" width="18"></td>
<td valign="top" align="left" width="160"><a href="/about/contact/" class="link">Contact Information</a></td>
</tr>
</table>
</div></td>
</tr>
<tr>
<td height="100%" valign="top" align="center"><img src="images/spacer.gif" width="50" height="50"></td>
</tr>
</table>
<p> </p>
</td><td valign="top" width="24"></td><!--msnavigation--><td valign="top">
<div align="left">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="83%"><img src="sunlogo.gif" width="306" height="59" border="0"></td>
<td width="17%" align="right" valign="top"><%=20
Response.Write tolongMonth(datepart("m", date())) & " " & datepart("d", date()) & ", " & datepart("yyyy", date())
Response.Write "<br>"
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=SunnyLine;User=sa"
mSQL = "SELECT Month, Day, Holiday FROM Holidays " & _
" WHERE Day = " & Day(date()) & _
" AND Month = " & Month(date()) & _
" ORDER BY Holiday "
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("Holiday")
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
%>
</td>
</tr>
</table>
</div>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" align="left" width="220"><span class="head1">In The News:</span><u><strong><br>
</strong></u>
<applet CODE="CoolHeadLines.class" NAME="CoolHeadLines" CODEBASE="/applets/" WIDTH="220" HEIGHT="90">
<param name="BackColor" value="255 255 255">
<param name="HiliteTextColor" value="60 179 113">
<param name="MessageDelay" value="4">
<param name="ScrollDelay" value="10">
<param name="TextColor" value="0 0 0">
<param name="URLPrefix" value="<%=GetPrefixValue()%>"><% ListParams %>
</applet>
</td>
<td valign="top" align="left"><p class="head1">Voting Polls:</p>
<table ALIGN="CENTER" CELLPADDING="5" WIDTH="100%">
<% do while not rsQuestList.eof=20
mQNo = mQNo + 1 %>
<tr>
<td VALIGN="CENTER"><form ACTION="<% =mBaseDir & mAnswerDir%>" METHOD="POST">
<input type="hidden" name="mAnswerDir" value="<% =mAnswerDir %>"><input type="hidden" name="mResultsDir" value="<% =mResultsDir %>"><input type="hidden" name="mBaseDir" value="<% =mBaseDir %>"><input type="hidden" name="mVoteBoothDir" value="<% =mVoteBoothDir %>"><input type="hidden" name="mQuestion" value="<%=rsQuestList("qID") %>"><input type="hidden" name="mNumber" value="<% =mQNo %>"><<input type="submit" value="<% =chr(64 + cint(mQNo)) %>. " class="button"> <
</form>
</td>
<td VALIGN="BOTTOM"><% response.write rsQuestList("qQuestion") & "</td></tr>"
rsQuestList.movenext
Loop
%>
</td>
</tr>
</table>
<%
rsQuestList.Close
set rsQuestList = Nothing
connVB.Close
set connMB = Nothing
%>
</td>
</tr>
</table>
<p><%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=SunnyLine;User=sa"
mSQL = "SELECT his_type, his_year, his_desc FROM History_Today " & _
" WHERE his_day = " & Day(date()) & _
" AND his_month = " & Month(date()) & _
" ORDER BY his_type, his_year "
set rsGlobal = connGlobal.execute(mSQL)
response.write "<FONT COLOR = " & mTitleColor & " SIZE = '+1'><b>" & mTitle & _
"</b></FONT><br><br>"
response.write "<FONT COLOR = " & mHeaderColor & "><b>Birthdays:</b></FONT>"
mType = "B"
response.write "<table WIDTH = '100%'>"
while not rsGlobal.eof
if rsGlobal("his_type") <> mType then
mType = "E"
response.write "</table><br><FONT COLOR = " & mHeaderColor & "><b>Events:</b></FONT>"
response.write "<table WIDTH = '100%'>"
end if
response.write "<TR VALIGN = TOP><td ALIGN = RIGHT WIDTH = '5%'><FONT COLOR = " & _
mYearColor & " SIZE = '-1'><b> " & rsGlobal("his_year") & "</b></font></td>"
response.write "<td WIDTH = '95%'><FONT COLOR = " & mTextColor & " SIZE = '-1'>" & rsGlobal("his_desc") & "</FONT></td></tr>"
rsGlobal.movenext
wend
response.write "</table>"
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
%>
<!--msnavigation--></td></tr><!--msnavigation--></table><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td>
<div align="center"><center>
<table border="0" cellpadding="0" cellspacing="0" width="562">
<tr>
<td align="center" width="462"><p align="center"><img src="images/linux_ride.gif" WIDTH="460" HEIGHT="55"></td>
</tr>
<tr>
<td align="center" width="462"><p align="center"><img src="images/button_rp7.gif" WIDTH="88" HEIGHT="32"><img src="images/ie_horiz.gif" WIDTH="88" HEIGHT="31"></td>
</tr>
<tr>
<td align="center" width="462"><p align="center"><span class="nonu">=A92000 SunnyLine
Internet Services.</span></td>
</tr>
</table>
</center></div>
<p> </p>
</td></tr><!--msnavigation--></table></body>
</html>
<%
Function toLongMonth(pInInteger)
mMonth = "Not Found"
if isNumeric(pInInteger) then
select case pInInteger
case 1: mMonth = "January"
case 2: mMonth = "February"
case 3: mMonth = "March"
case 4: mMonth = "April"
case 5: mMonth = "May"
case 6: mMonth = "June"
case 7: mMonth = "July"
case 8: mMonth = "August"
case 9: mMonth = "September"
case 10: mMonth = "October"
case 11: mMonth = "November"
case 12: mMonth = "December"
end select
end if
toLongMonth = mMonth
End Function
Function GetPrefixValue
Dim strFullPath, strLastChar
strFullPath = "http://"
strFullPath = strFullPath & Request.ServerVariables("SERVER_NAME")
strFullPath = strFullPath & Request.ServerVariables("PATH_INFO")
strLastChar = ""
Do Until strLastChar = "/"
strLastChar = right(strFullPath, 1)
strFullPath = left(strFullPath, len(strFullPath) - 1)
Loop
GetPrefixValue = strFullPath
End Function
Sub ListParams
On Error Resume Next
Dim fso, prFile, intFileNum, strTitle, strLink,strCategory
intFileNum = 0
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set prFile = fso.OpenTextFile(Server.MapPath("pr/prFileList.txt"))
If Err.Number <> 0 Then
Exit Sub
End If
Do Until prFile.AtEndOfStream
strTitle = Chr(34) & prFile.ReadLine & Chr(34)
If prFile.AtEndOfStream Then Exit Do
strLink = Chr(34) & prFile.ReadLine & Chr(34)
strCategory = prFile.ReadLine
response.write "<PARAM NAME=Text" & intFileNum & " VALUE=" & strTitle & ">" & Chr(13)
response.write "<PARAM NAME=URL" & intFileNum & " VALUE=" & strLink & ">" & Chr(13)
intFileNum = intFileNum + 1
Loop
Response.Write "<PARAM NAME=NumItems VALUE=" & intFileNum & ">" & Chr(13)
End Sub
%>
SOLUTION
Microsoft has been informed about the suspecious behaviour of
ACCESS and ODBC Database Connectivity.