IISAdmpwd files
---------------

CVE Number: 
CVE-1999-0407,CVE-2000-0304

Details:
One or more of the htr files were found in the IISAdmpwd virtual directory.
These scriptis can be used to learn information about the user names and 
passwords via brute force. In addition, by supplying malformed data it is
posible to cause Denial of Service to the system.

The file(s) found were one of the following:

  /iisadmpwd/achg.htr
  /iisadmpwd/aexp.htr
  /iisadmpwd/aexp2.htr
  /iisadmpwd/aexp2b.htr
  /iisadmpwd/aexp3.htr
  /iisadmpwd/aexp4.htr
  /iisadmpwd/aexp4b.htr
  /iisadmpwd/anot.htr
  /iisadmpwd/anot3.htr

Fix:
It is recommended that the virtual directory be removed from the system. If
the htr files are truly required, at least install the patch outlined in the
Microsoft link below.

Related URLs:
http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00356.html
http://www.securityfocus.com/bid/1191
http://www.microsoft.com/technet/security/bulletin/ms00-031.asp

$Id: htr,v 1.1 2000/11/06 15:34:17 loveless Exp $
