IIS Escape Character Bug
------------------------

CVE Number: 
CVE-2000-0024

Details:
The version of IIS is vulnerable to directory traversal by encoding the ".."
characters as %1u%1u.

Fix:
It is recommended that IIS be upgraded to the latest version with the latest
security patches applied.

Related URLs:
http://www.microsoft.com/SYSPRO/security/bulletin/ms99-061.asp

$Id: iis-escapechar,v 1.1 2000/11/21 16:44:41 loveless Exp $
