The first vulnerability was detected in a feature which allows web site owners to restrict access to certain sites. According to Microsoft’s security bulletin, “by sending a specially chosen request to an affected server, an attacker could either disrupt web services or gain the ability to run a program on the server”. Such a program could run with full system privileges and “be capable of taking any action the attacker desired”.
The second flaw relates to the way that the web-authoring function uploads files and the third was found in the server’s database features.
The flaws could allow hackers to attack computers running Windows, Unix operating systems and Mac OS X.