MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability

We have conflicting reports regarding whether installing Windows 2000 SP2 after the patch (Q293826_W2K_SP3_x86_en) for this issue has been applied will re-expose this vulnerability. Although Microsoft has not confirmed the re-exposure of this issue, administrators should consider re-applying the patch.

Microsoft has released a patch that recitifies this issue.

Adriano Maia <> has provided a vulnerability check tool, which is available for download in the reference section.

Microsoft IIS 4.0

Microsoft IIS 5.0


Privacy Statement
Copyright 2010, SecurityFocus