The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.