Symptoms
A customer has uploaded an ASP script that uses FileSystemObject(FSO) component, which can access the webserver's filesystem, and can cause security violation.
Cause
The security breach is possible if the domain user group IISAnonusers has access to the following folders and files:
C:\
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\System32\drivers\etc
C:\Windows\System32\inetsrv\Config
C:\Windows\SysWOW64\inetsrv\Config
Resolution
Configure permissions as in KB article #114277
- A request for the above permissions to be assigned automatically was submitted with ID POA-71320