Reported April 18, 2001, by Microsoft.
VERSIONS AFFECTED
-
Microsoft Windows 2000, Windows NT, Windows Me, and Windows 9x
DESCRIPTION
A
flaw with Microsoft’s implementation of WWW Distributed Authoring and
Versioning (WebDAV) runs the
script under the user’s security context. WebDAV
should make a distinction between a user's request and script that a Web Browser
runs, but Microsoft WebDAV does not differentiate the two. An attacker can use
this flaw to browse the user’s intranet or access Web-based email if the
attacker knows certain variables, such as server names, folder structures, and
specific user and network information.
VENDOR RESPONSE
Microsoft has issued security bulletin MS01-022 to address this vulnerability, and has also issued a hotfix that changes the WebDAV implementation to correctly process these scripts.
CREDIT
Discovered
by Microsoft.