VulDB: Microsoft IIS up to 7.5 File Name Tilde Handler privilege escalation
General

scipID: 5623
Affected: Microsoft IIS up to 7.5
Published: 06/30/2012 (Soroush Dalili & Ali Abbasnejad)
Risk: critical
Entry: 92.9% complete
Created: 07/03/2012
Updated: 07/04/2012
Summary
A vulnerability classified as critical was found in Microsoft IIS up to 7.5. It affects an unknown function of the component File Name Tilde Handler. Manipulation with the input value ::$Index_Allocation leads to a privilege escalation vulnerability. The known impact is on confidentiality and integrity.
The weakness was disclosed on 06/30/2012 by Soroush Dalili & Ali Abbasnejad as document 19527 (Exploit-DB). The advisory is shared for download at exploit-db.com. The vendor was not involved in the public release. The attack can be launched remotely. Exploitation does not require any form of authentication. Technical details and a public exploit are known. Due to its background and reception, this vulnerability has a historic impact.
An exploit was developed by Soroush Dalili & Ali Abbasnejad and published immediately after the advisory. It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com.
It is possible to mitigate the weakness by firewalling the web server port. The problem might be mitigated by replacing the product with Apache as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 54251). Additional details are provided at packetstormsecurity.org.
CVSS
Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | Partial | Partial | None |
Exploiting
Class: Privilege escalation
Local: No
Remote: Yes
Availability: Yes
Access: Public
Status: Proof-of-Concept
Author: Soroush Dalili & Ali Abbasnejad
Download: exploit-db.com
Exploit-DB: 19527
Countermeasures
Recommended: Upgrade
0-Day Time: 0 days since found
Exploit Delay Time: 0 days since known
Firewalling: Web Server Port
Alternative: Apache
Timeline
06/30/2012 | Advisory disclosed
06/30/2012 | Exploit disclosed
07/03/2012 | VulDB entry created
07/04/2012 | VulDB entry updated
Sources
Advisory: 19527
Researcher: Soroush Dalili & Ali Abbasnejad
SecurityFocus: 54251
Misc.: packetstormsecurity.org