It was discovered that the ASP.NET Core Module (ANCM) did not properly sanitize certain input. A local attacker could exploit this vulnerability to gain escalated privileges. Successful exploitation requires that the application is hosted using IIS.