Categories: General
      Date: 29/12/2009
     Title: Notable Microsoft IIS remote-execution vulnerability
Microsoft IIS allows for local file inclusion of any filetype due a bug in the way its filters handle semicolons.

Although this bug is classed as "less critical" by Microsoft, due to its nature when combined with other known vulnerabilities we class it as highly critical and recommend to all our clients running Windows 2003 servers to review their web code to avoid possible website security breaches.

Source: The Register