oval:org.mitre.oval:def:37

Definition Id: oval:org.mitre.oval:def:37

Oval ID:	oval:org.mitre.oval:def:37
Title:	Windows NT IIS Directory Traversal Command Execution (Test 1)
Description:	Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2001-0333	Version:	1
Platform(s):	Microsoft Windows NT	Product(s):	Microsoft Internet Information Server (IIS)
Definition Synopsis:
IIS 4.0 Major Version AND IIS minor version equals 0 AND NOT this is an NT Terminal Server AND File %windir%\system32\inetsrv\ism.dll version is less than 4.2.764.1 AND NOT Patch Q295534 Installed AND NOT Patch Q301625 Installed AND NOT Patch Q319733 Installed AND NOT Patch Q327696 Installed AND NOT Patch Q811114 Installed AND NOT Windows NT 4.0 Security Roll-up Package