Microsoft IIS remotely exploitable vulnerability

According to an exploit posting on Milw0rm, there is a serious remotely exploitable vulnerability in the Microsoft’s IIS server.

US Cert Vulnerability Note VU#276653 notes that the Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

In the actual exploit code, the author states that the vulnerability affects IIS 5.0, as well as IIS 6.0 with stack cookie protection.