More information on the vulnerability described in ms99-061, a problem in IIS that causes it to parse invalid escape sequences, allowing a carefully made string to bypass IDS systems, ISAPI filters, and extension handlers. Includes a perl script to test for vulnerability.
ef40568ad6b25c2ee06d8471ee964346dcb723886938cecd3b91cb78e396a9a0