CVE-2008-4301

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) (affected versions not specified)

Description: A certain ActiveX control in iisext.dll allows remote attackers to set a password via a string argument to the SetPassword method. However, this issue could not be reproduced by a reliable third party, and the original researcher is considered unreliable, making the original disclosure probably erroneous.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.