IIS extended unicode directory traversal vulnerability

Description

The web server is vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\".

Remediation

Install the latest patches from Microsoft.

References