These indicate that an attack using the RDS exploit is viable on the NT IIS server

These indicate that an attack using the RDS exploit is viable on the NT
IIS server


. Vulnerability found on port www (80/tcp) :
The webserver is likely vulnerable to a common IIS exploit from a
hacker
called ’Rain Forest Puppy’. This exploit enables an attacker to
execute
_ANY_
command on the server with Administrator Privileges. The exploit
is made
possible
via a buffer overflow in /msadc/msadcs.dll
See BUGTRAQ ID 529 on www.securityfocus.com
(http://www.securityfocus.com/bid/529)
for more information.
Risk factor :
High
. Vulnerability found on port www (80/tcp) :
Some of the following sample files are present :
/iissamples/issamples/fastq.idq
/iissamples/issamples/query.idq
/iissamples/exair/search/search.idq
/iissamples/exair/search/query.idq
/iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/

issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full
/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/
issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full
/scripts/samples/search/author.idq
/scripts/samples/search/filesize.idq
/scripts/samples/search/filetime.idq
/scripts/samples/search/queryhit.idq
/scripts/samples/search/simple.idq
/iissamples/exair/howitworks/codebrws.asp
/iissamples/issamples/query.asp
They all contain various security flaws that allows a
cracker to execute arbitrary commands, read arbitrary files
or gain more knowledge about the remote system.
Solution : delete the whole /iissamples directory
Risk factor : High