[原文]cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
Microsoft Site Server 3.0版本中的cphost.dll存在漏洞。远程攻击者可以通过具有超长TargetURL参数文件的HTTP POST导致服务拒绝（磁盘消耗），该漏洞导致站点服务器中止并泄露c:\temp中上传的文件。
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Microsoft Site Server cphost.dll Malformed File Upload Disk Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
Microsoft Site Server contains a flaw that may allow a remote denial of service. The issue is due to the /Sites/Publishing/Users/ directory which has write permissions by default. It is possible for a remote attacker with a valid NT account to arbitrarily upload overly large files and consume all available space on the system drive resulting in a loss of availability.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove write access from the directories.