02 Jan 2010
IIS Vulnerability
Soroush Dalili has possibly discovered a vulnerability in Microsoft Internet Information Services (IIS). It is claimed that the flaw can be exploited to potentially bypass certain security restrictions and compromise a vulnerable system. The hypothesis is that the web server incorrectly executes code contained in a file whose name has multiple extensions separated by “;” (example: “filename.asp;pdf”). One could hypothetically upload and execute malicious code using a system like lynx, with the offending suffix in the filename.
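For an upload handler sitting in front of such a server, the defensive consequence is that checking only the final extension is not enough. The following is an added example, not code from the original post or from Microsoft; the function names, the extension sets and the sample filenames are assumptions constructed for illustration. It contrasts a final-extension denylist with a check that rejects “;” and inspects every suffix, and adds a helper for auditing names already stored on disk.

```python
import os
import re

# Assumed policy for this sketch (not taken from the post).
SCRIPT_EXTS = {"asp", "aspx"}          # extensions the server would execute
ALLOWED_EXTS = {"pdf", "jpg", "png"}   # what the upload form is meant to accept


def naive_is_allowed(filename):
    """Weak pattern: denylist applied to the final extension only."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext not in SCRIPT_EXTS


def strict_is_allowed(filename):
    """Reject ';' outright, then require every dot-separated suffix to be benign."""
    name = os.path.basename(filename.replace("\\", "/"))
    if ";" in name:
        return False
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False                     # no extension, or a dotfile
    suffixes = parts[1:]
    if any(s in SCRIPT_EXTS for s in suffixes):
        return False                     # script extension anywhere in the name
    return suffixes[-1] in ALLOWED_EXTS


def find_suspicious(names):
    """Audit helper: names where a script extension appears alongside ';'."""
    flagged = []
    for n in names:
        segments = re.split(r"[.;]", n.lower())
        if ";" in n and any(s in SCRIPT_EXTS for s in segments):
            flagged.append(n)
    return flagged


# Constructed sample filenames; the second is the example given in the post.
SAMPLES = ["report.pdf", "filename.asp;pdf", "photo.jpg",
           "notes.asp", "a.asp;.jpg", "budget;2009.pdf"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:20} naive={naive_is_allowed(s)!s:5} strict={strict_is_allowed(s)}")
    print("flagged:", find_suspicious(SAMPLES))
```

Storing uploads under a server-generated name, outside any directory where script execution is enabled, removes the dependence on filename parsing altogether.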