Oval Definition:oval:org.mitre.oval:def:1018
Revision Date:2007-08-02Version:15
Title:Windows NT IIS Directory Traversal Command Execution (Test 2)
Description:Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2001-0333
Platform(s):Microsoft Windows NT
Product(s):Microsoft Internet Information Server (IIS)
Definition Synopsis
  • IIS 4.0 Major Version
  • AND IIS minor version equals 0
  • AND File %windir%\System32\w3svc.dll is less than 4.2.764.1
  • AND NOT Patch Q295534 Installed
  • AND NOT Patch Q301625 Installed
    • BACK