@Loverock Davidson
actually, you have some privileges on any IIS webserver you connect to. find a flaw in IIS allowing you remote code execution, and you could chain to this to elevate your privileges from anonymous web visitor to local administrator. very difficult now, but still possible
if you find a free web hosting service running IIS that allows scripts in free account pages, it is much easier as you have permission to upload code that it will execute rather than having to compromise it externally first
to a malicious hacker, it isn't that hard once the chinks in the armor are found, and Microsoft has a bad habit of pretending the vulnerability wasn't found until the patch is ready unless forced to admit otherwise.
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
