Summary: | When IIS receives a user request to run a script, it renders;the request in a decoded canonical form, then performs;security checks on the decoded request. A vulnerability;results because a second, superfluous decoding pass is;performed after the initial security checks are completed.;Thus, a specially crafted request could allow an attacker to;execute arbitrary commands on the IIS Server. |