I have already reported the problem to Microsoft but never heard back any results of their investigation of the problem.
I've duplicated the problem on the 3 different computers already. But I want to understand how widespread the problem is, so I've created a simple set of tests that anyone can try who is running PWS on their computer. These test involve simply clicking on Web links in this message. If the PWS system administrator pages come up in your Web browser, then a system is likely to be vulnerable.
Here are tests:
Test #1: Is the PWS home page visible?
http://localhost
Test #2: Is the main PWS system administrator page visible?
http://localhost/HtmlaScripts/htmla.dll?http/serv
Test #3: Is the PWS directories page visible?
http://localhost/HtmlaScripts/htmla.dll?http/dir
Test #4: Is the add directory page visible?
http://localhost/HtmlaScripts/htmla.dll?http/diradd
The actually security hole that I found is that a JavaScript macro
goes to the link specified in Test 4 and does an HTML form submit
that maps disk directory C:\ to the HTTP directory C. Once this
is done, a Web browser running on another computer can view and
copy any file on drive C: using the URL http://a.b.c.d/C/ where a.b.c.d
is the IP address of the system that has been compromised.
Clicking on any of the above links is harmless. They simply bring up administrator pages in your Web browser for your viewing only. However if you can see these pages, I believe so can JavaScript in an HTML Email message. Since this message is plain ASCII text it contains no JavaScript that could exploit the security hole.
A work-around to the problem is to turn off JavaScript in your Email reader. Another solution is to move PWS to port other than 80 that outsiders would not know about.