Microsoft IIS ASP Remote Code Execution Vulnerability

"Microsoft Internet Information Server (IIS) is prone to a remote
code-execution vulnerability because it fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized memory
buffer.

To exploit this issue, attackers must be able to place and execute malicious
ASP pages on computers running the affected ASP server software. This may
be an issue in shared-hosting environments.

This issue allows remote attackers to execute arbitrary machine code in the
context of the affected webserver software."

http://www.securityfocus.com/bid/18858/discuss

-- Imhotep