Security Alert - Vulnerability in Internet Information Services Could Allow Elevation of Privilege

Two days ago, a new vulnerability was found in WebDAV for IIS. Although few have made a big deal out of it, personally I think the impact is 'quite' minimal, or at least zero in my environment, coz I've got no WebDAV at all :) LOL... Anyway, here is the security advisory from Microsoft. To know more about the vulnerability, you should read this blog post: besides the same basic info you will find over at the Microsoft site, it also has a few diagrams illustrating the vulnerability and gives you some background about the attack.

The attack is via the old folder traversal bug found in previous exploits: %c0%af, which is the encoded UTF-8 for "/", will pass through the urlscan filter, the reason being that it is a valid character, even though % is blocked by urlscan by default. Anyway, per the details, IIS 7 is not affected by this, and if I remember correctly (read it somewhere) WebDAV in IIS 7 also doesn't allow anonymous write requests. However, if you are on IIS 5.0, 5.1 and 6.0 with WebDAV enabled + anonymous access + write permission for the anonymous user, then you are subject to this exploit. Come to think of it, if you allow write permissions for the anonymous user :) you are basically waiting to get p@wned!!
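The %c0%af sequence is an overlong (non-shortest-form) UTF-8 encoding of "/", so it can be spotted in request logs by decoding the URI bytes and checking each multi-byte sequence against the minimum code point for its length. The sketch below is an added example, not code from this post or from Microsoft; it goes slightly beyond the two-byte case to cover three- and four-byte overlong forms, and the function names and sample request lines are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample request lines ("METHOD URI"); not taken from real logs.
SAMPLE_REQUESTS = [
    "GET /docs/readme.txt",
    "PROPFIND /prot%c0%afected/secret.zip",  # two-byte overlong "/"
    "GET /caf%c3%a9/menu.html",              # valid two-byte UTF-8
    "GET /a/%e0%80%af/b",                    # three-byte overlong "/"
    "GET /report%2f2009.pdf",                # ordinary percent-encoded "/"
]

# lead-byte range -> (sequence length, smallest code point allowed, payload mask)
LEADS = [(0xC0, 0xDF, 2, 0x80, 0x1F),
         (0xE0, 0xEF, 3, 0x800, 0x0F),
         (0xF0, 0xF7, 4, 0x10000, 0x07)]

def find_overlong(raw: bytes):
    """Return (offset, hex bytes, decoded char) for each overlong UTF-8 sequence."""
    hits, i = [], 0
    while i < len(raw):
        lead = next((l for l in LEADS if l[0] <= raw[i] <= l[1]), None)
        if lead is None:          # ASCII byte or stray continuation byte
            i += 1
            continue
        _, _, n, minimum, mask = lead
        tail = raw[i + 1:i + n]
        if len(tail) != n - 1 or any((t & 0xC0) != 0x80 for t in tail):
            i += 1                # malformed sequence, not an overlong one
            continue
        cp = raw[i] & mask
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < minimum:          # encoded with more bytes than necessary
            hits.append((i, raw[i:i + n].hex(), chr(cp)))
        i += n
    return hits

def scan(lines):
    """Map each suspicious request line to its overlong-sequence hits."""
    flagged = {}
    for line in lines:
        _method, uri = line.split(" ", 1)
        hits = find_overlong(unquote_to_bytes(uri))
        if hits:
            flagged[line] = hits
    return flagged

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(line, "->", hits)
```

A plain %2f is deliberately not flagged: it is a legitimate encoding, and filters such as urlscan already see it for what it is.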

Published Wed, May 20 2009 8:04 by qbernard