Microsoft KB Archive/160571

= Telnet Session to IIS Causes Access Violation in Inetinfo.exe =

Article ID: 160571

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 1.0
 * Microsoft Internet Information Server 2.0

-



This article was previously published under Q160571



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx





SYMPTOMS
If you test a Microsoft Internet Information Server (IIS) with TELNET, and you issue the following command, the server will access violate in Inetinfo.exe:

GET ../..



CAUSE
This is caused by an error in the Internet Information Server code that fails when there is no leading "/".



MORE INFORMATION
Microsoft has confirmed this to be a problem with Microsoft Internet Information Server versions 1.0 and 2.0. This problem was corrected in U.S. Service Pack 2.0 for Microsoft Windows NT 4.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Additional query words: sp2

Keywords: kberrmsg kbbug KB160571

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.