Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability

Taken from the VIGILANTE security advisory:

"The Microsoft Security Response Center has investigated the report, but we note that the problem as reported would only affect an IIS server that has been configured to use a FAT volume. However, by design, FAT doesn't provide a security mechanism, and it's never an appropriate file system to use on a production web server. Instead, as discussed in Microsoft's best practices guides and security checklists (, production servers should always use NTFS volumes. The reported problem does not affect systems using NTFS".

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.


Privacy Statement
Copyright 2010, SecurityFocus