The information in this article applies to:
SYMPTOMSWeb clients that send Common Gateway Interface (CGI) requests to Internet Information Server (IIS) servers using batch files (.bat or .cmd) as CGI applications may gain undesired levels of access to the IIS server. CAUSE
Internet Information Server 1.0 (IIS) allowed the use of batch files as
CGI applications. Using batch files as CGI applications exposed several
security issues in IIS because the batch file processes run in the context
of the full Windows NT console command processor (cmd.exe).
RESOLUTIONObtain the fix referenced below. STATUS
Batch file processing support was removed from the IIS product due to
security concerns.
Additional query words: prodiis
Keywords : kbnetwork kbbug1.00 kbfix3.51 NTSrv iissecurity |
Last Reviewed: May 3, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |