Vulnerability Team

Microsoft Internet Information Services (IIS) is prone to a vulnerability that lets attackers execute arbitrary code. The problem occurs because IIS fails to properly sanitize user-supplied input when parsing directory names.

An attacker may leverage this issue to execute arbitrary script code on an affected computer in the context of the webserver process.

Microsoft IIS 6.0 is vulnerable; other versions may also be affected.

REFERENCIA DE LA VULNERABILIDAD 


Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com