IIS extended unicode directory traversal vulnerability

Description
  • The web server is vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\".
Remediation
  • Install the latest patches from Microsoft.
References