Microsoft Internet Information Services ASP Remote Code Execution Vulnerability

Microsoft Internet Information Services ASP Remote Code Execution Vulnerability

Proof-of-concept information is available. Please see 'Exploiting IIS via HTMLEncode (MS08-006)' in the references section for more information.

The following proof of concept is available to members of the Immunity Partners Program:

https://www.immunityinc.com/downloads/immpartners/iisasp.py

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.