Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 174
Published: Thu, 18 Jun 2009 21:21:50 GMT

New Fixlets:
============

***************************************************************
Title: Internet Information Services Authentication Bypass Vulnerability
Severity: High
Fixlet ID: 602901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6029.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1535
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability."

***************************************************************
Title: Remote Code Execution Vulnerability in Microsoft DirectShow (CVE-2009-1537)
Severity: High
Fixlet ID: 623701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6237.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1537
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009.