COMMAND

    Personal Web Server

SYSTEMS AFFECTED

    Personal Web Server

PROBLEM

    Dinos Pastos found following.   He pointed out that while  testing
    his Default installation of Windows 98 running Microsoft  Personal
    Web Server that came with  the Windows98 SE CD he  discovered that
    the  famous  IIS  4/5  Unicode  Directory  Traversal Vulnerability
    applies also to this  Server just as bad  as in IIS.   The exploit
    method is the same:

        http://PWS-server/scripts/..%c1%9c../windows/notepad.exe

SOLUTION

    According to MS, Personal Web  Server is, of course, not  intended
    to host web sites on the Internet.  It's only intended to be  used
    in protected environments such as home networks and the like.   If
    you're hosting an  Internet site, IIS  is the appropriate  product
    to use.

    Interesting, because  your web  site says  specifically that  both
    Personal  Web  Server  and  Peer  Web  Services  CAN  be  used for
    Internet-accessible web sites.