Ferruh passed this onto me and this looks like a really interesting vulnerability. Essentially if you can upload a file with semicolon(;) in it, you may be able to upload and execute asp code.
IIS can execute any extension as an Active Server Page or any other executable extension. For instance “malicious.asp;.jpg” is executed as an ASP file on the server. Many file uploaders protect the system by checking only the last section of the filename as its extension. And by using this vulnerability, an attacker can bypass this protection and upload a dangerous executable file on the server.
Original Advisory can be found here