Description
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP eCommerce 'collected_data[]' SQL Injection (3.8.4)
WordPress Plugin WP-DBManager Arbitrary File Deletion (2.79.1)
Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)
WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)