Telnet Session to IIS Causes Access Violation in Inetinfo.exe (160571)


The information in this article applies to:

  • Microsoft Internet Information Server 1.0
  • Microsoft Internet Information Server 2.0
This article was previously published under Q160571
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

If you test a Microsoft Internet Information Server (IIS) with TELNET, and you issue the following command, the server will access violate in Inetinfo.exe:

GET ../..

CAUSE

This is caused by an error in the Internet Information Server code that fails when there is no leading "/".

MORE INFORMATION


Microsoft has confirmed this to be a problem with Microsoft Internet Information Server versions 1.0 and 2.0. This problem was corrected in U.S. Service Pack 2.0 for Microsoft Windows NT 4.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbbug kberrmsg KB160571
©2004 Microsoft Corporation. All rights reserved.