From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_00BA_01C6A65F.4CF90550
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   It would be more than difficult with a default configuration as it =
requires the attacker to have the right to upload an ASP page.  An admin =
has to go out of his way to allow anyone to upload code.

Rich

  "Mike N."  wrote in message =
news:7qacb2dk09mmsk16b96i7t651ig8vr1q4f{at}4ax.com...
  On Thu, 13 Jul 2006 06:19:25 -0400, "Geo"  wrote:

  >I  haven't seen anyone mention it but there are 12 new patches, =
almost all
  >are critical remote code execution type things.

     This is the first report of a remote IIS exploit in a very long =
time. It
  would allow a mass IIS worm.   Difficult to write, but not impossible =
with
  default configurations.
------=_NextPart_000_00BA_01C6A65F.4CF90550
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   It would
be more than =
difficult with a=20
default configuration as it requires the attacker to have the right to = upload an=20
ASP page.  An admin has to go out of his way to allow anyone to = upload=20
code.
 
Rich
 

  "Mike N." <mike{at}u-spam-u-die.net>">mailto:mike{at}u-spam-u-die.net">mike{at}u-spam-u-die.net>
=
wrote in=20
  message news:7qacb2dk09m=
msk16b96i7t651ig8vr1q4f{at}4ax.com...On=20
  Thu, 13 Jul 2006 06:19:25 -0400, "Geo" <georger{at}nls.net>=20">mailto:georger{at}nls.net">georger{at}nls.net>=20
  wrote:>I  haven't seen anyone mention
it but there are =
12 new=20
  patches, almost all>are critical remote code execution type=20
  things.   This is the first report
of a remote IIS =
exploit=20
  in a very long time. Itwould allow a mass IIS worm.   =
Difficult=20
  to write, but not impossible withdefault=20
configurations.

------=_NextPart_000_00BA_01C6A65F.4CF90550--

--- BBBS/NT v4.01 Flag-5