NT Versions Affected:

4.0

Problem:

Using a telnet application to get to a webserver via HTTP port 80, and typing "GET ../.." <cr> will crash IIS.

This attack causes Dr. Watson to display an alert window and to log an error:

"The application, exe\inetinfo.dbg, generated an application error The error occurred on date@ time The exception generated was c0000005 at address 53984655 (TCP_AUTHENT::TCP_AUTHENT"

Verification: