Third Party Software Affected by IIS "Escape Character Parsing" V

From: Microsoft Product Security Response Team (secureat_private)
Date: Tue Dec 28 1999 - 10:27:05 PST

Next message: aslat_private: "Trend Micro InterScan VirusWall SMTP bug"

Previous message: Steven Alexander: "Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All -

A recent posting to BugTraq asked why we didn't identify specific
third-party software products that are affected by the "Escape Character
Parsing" vulnerability
(http://www.microsoft.com/Security/Bulletins/ms99-061.asp).  Although we do
try to provide as much information regarding security vulnerabilities as
possible, we simply can't provide information like this without the consent
of the third-party vendors.  Even if we could provide a list of third-party
products that are known to be affected by the vulnerability, it would become
obsolete almost immediately as new versions of the products are released.

The safest course of action is to apply the patch if you are running any
third-party software atop IIS.  This will ensure that your system is
protected, regardless of the third-party software you're using now or in the
future.  Regards,

Secureat_private

Next message: aslat_private: "Trend Micro InterScan VirusWall SMTP bug"
Previous message: Steven Alexander: "Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:53 PDT