Microsoft KB Archive/246401
Article ID: 246401
Article Last Modified on 9/4/2007
- Microsoft Internet Information Server 4.0
- Microsoft Site Server 3.0 Standard Edition
- Microsoft Windows NT 4.0 Service Pack 6
- Microsoft Windows NT 4.0 Service Pack 3
- Microsoft Windows NT 4.0 Service Pack 4
- Microsoft Windows NT 4.0 Service Pack 5
This article was previously published under Q246401
RFC 1738 specifies that Web Servers should allow hexadecimal digits to be input in URLs by preceding them with the so-called "escape" character, a percent sign.
Microsoft Internet Information Server (IIS) complies with the RFC 1738 specification, but also accepts characters after the percent sign that are not hexadecimal digits. Some of these translate to printable ASCII characters, and this could provide an alternate means of specifying files in URLs.
It is possible when using the Internet Database Connector (IDC) to create links, or you are using the return value arguments passed to other documents. When this happens you may be unable to pass arguments that contain spaces.
IIS 4.0 may improperly translate non-hexadecimal characters preceded by a percent sign. For example %3p is translated into an \\\"I\\\".
The vulnerability does not affect IIS; even specifying a file name through this alternate method does not bypass IIS access controls. However, third-party software that runs atop IIS but does not perform canonicalization, is affected by it.
Windows NT 4.0
The following files are available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Microsoft Windows NT Server version 4.0, Terminal Server Edition
To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
317636 Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package
Microsoft has confirmed that this is a problem in Internet Information Server 4.0.
For related information about this problem, please visit the following Microsoft Web site:
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
Additional query words: iisscript asp iiswww iisvirtual security_patch tsesrp
Keywords: kbhotfixserver kbqfe kbbug kbfix kbsecurity KB246401