Editors' Note: Clicking on the Download Now (Visit Site) button above will open a connection to a third-party site. Download.com cannot completely ensure the security of the software hosted on third-party sites.
When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server.