Intrusion Detection FAQ: What are unicode vulnerabilities on Internet Information Server (IIS)?
Tom Rodriguez A number of recent wormsincluding the Red Worm, Red Worm II, and Nimda wormhave exploited Unicode vulnerabilities in the IIS server in order to achieve phenomenal growth. This article will describe and examine these vulnerabilities. There are two major vulnerabilities: the IIS/PWS Exetended Unicode Directory Traversal Vulnerability and the IIS/PWS Escaped Character Decoding Command Execution Vulnerability.