"Putting the right type of malicious code into a page request
can cause IIS to crash, or worse, let an attacker run whatever
programming code he wants.
"Firas Bushnaq, CEO of Eeye, today accused Microsoft of dragging
its feet to solving the problem. His company alerted Microsoft on
June 8, he said, but Microsoft told him to keep quiet about it.
Bushnaq said he went public yesterday because he felt Microsoft
wasn't doing anything to resolve the issue.
"But Bushnaq didn't stop at just publicizing the bug, and that's
where the controversy comes in: EEye posted a program that will
exploit the weakness..."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.