Microsoft IIS ASP Remote Code Execution Vulnerability

Microsoft IIS ASP Remote Code Execution Vulnerability

Microsoft Internet Information Server (IIS) is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

To exploit this issue, attackers must be able to place and execute malicious ASP pages on computers running the affected ASP server software. This may be an issue in shared-hosting environments.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected webserver software.