What is the new variant of the “File Fragment Reading Via .HTR” vulnerability?
The original version of this vulnerability was discussed in Microsoft Security Bulletin MS00-031. The new variant simply offers an additional way to exploit the same vulnerability.

What would this vulnerability allow a malicious user to do?
Microsoft Security Bulletin MS00-031 provides the best description of the vulnerability and the risk it poses. However, in a nutshell, the vulnerability could allow a malicious user to request files from the server, which would then be processed as though they were .HTR files. The result of this could be that parts of the .ASP source code would be sent to the malicious user. In theory, this could expose sensitive data contained in the .ASP files. However, in practice, it’s unlikely that this would occur. The HTR processing tends to remove the very content that would be of most interest to the malicious user. Further, if best practices have been followed, there will be no sensitive information in the file, and hence nothing to compromise.

Who should