PT-2007-4197 · Microsoft · Internet Information Services

Kingcope · Published 2007-05-30 · Updated 2017-07-29 · CVE-2007-2897

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Information Services (IIS) version 6.0

Description

The issue allows remote attackers to cause a denial of service, potentially obtain sensitive information, and possibly execute arbitrary code with physical access. This is achieved by sending requests for a URI containing a '/' immediately before and after the name of a DOS device, effectively bypassing the blacklist for DOS device requests.

Recommendations

For Microsoft Internet Information Services (IIS) version 6.0, consider restricting access to the server to minimize the risk of exploitation, and apply configuration changes to prevent requests for URIs containing DOS device names. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
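
One way to find requests of the kind described above in existing logs, as an added example that is not part of the original advisory or any Microsoft tooling: it checks every path segment against the reserved DOS device names and scans W3C extended log lines. The function names, the sample log, its field layout and the IP addresses are constructed for illustration.

```python
from urllib.parse import unquote

# Reserved DOS device names on Windows (matched case-insensitively).
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)}

def device_segments(uri_path):
    """Return the path segments of uri_path that resolve to a DOS device name."""
    hits = []
    # Decode percent-encoding first so %41UX is seen as AUX; treat '\' like '/'.
    decoded = unquote(uri_path).replace("\\", "/")
    for segment in decoded.split("/"):
        # Windows ignores an extension, a trailing colon and trailing spaces,
        # so "aux", "AUX.aspx", "aux:" and "aux ." all name the same device.
        base = segment.split(".", 1)[0].split(":", 1)[0].strip(" ").upper()
        if base in DOS_DEVICES:
            hits.append(segment)
    return hits

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2007-05-30 10:00:01 GET /default.aspx 192.0.2.10 200
2007-05-30 10:00:02 GET /app/AUX/default.aspx 192.0.2.44 500
2007-05-30 10:00:03 GET /app/%63om1.aspx 192.0.2.44 500
2007-05-30 10:00:04 GET /content/console.aspx 192.0.2.10 200
"""

def scan_w3c_log(text):
    """Return (client_ip, uri, matching_segments) for each suspicious entry."""
    fields, findings = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        hits = device_segments(row.get("cs-uri-stem", ""))
        if hits:
            findings.append((row.get("c-ip"), row["cs-uri-stem"], hits))
    return findings

if __name__ == "__main__":
    for client, uri, hits in scan_w3c_log(SAMPLE_LOG):
        print(f"{client} requested {uri} (device segments: {hits})")
```

The same `device_segments` check can back a request filter in front of the server, rejecting any URI for which it returns a non-empty list.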

Related identifiers

CVE-2007-2897

Affected products

Internet Information Services