Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability

Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability

Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality.

Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible.

NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.