Microsoft IIS Authentication Bypass and Source Code Disclosure Vulnerabilities

Microsoft IIS is prone to an authentication-bypass vulnerability and a source-code disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to gain unauthorized access to password-protected resources and view the source code of files in the context of the server process this may aid in further attacks. Microsoft IIS 6.0 and 7.5 are vulnerable other versions may also be affected.