IIS bugs are 'Microsoft' bugs -- because MS *makes* IIS. IIS bugs are not 'Windows' bugs.
And this is not a Linux bug. Man, you really have to be kidding, right? You at least know that much, don't you?
Ask yourself -- with this bug, can you attack the OS itself? The answer is *no*. This is not an OS vulnerability.
I'm beginning to wonder about ya'll. Are you seriously trying to claim this as a Linux bug?