Arbitrary Code-Execution Vulnerability in Internet Information Server
A vulnerability in Microsoft Internet Information Server (IIS) 4.0
could result in arbitrary remote code execution and remote compromise
of the vulnerable system. This vulnerability is a result of a
buffer-overflow condition in the redirect function. Micosoft has
released bulletin MS04-021, “Security Update for IIS 4.0 (841373),” to
address this vulnerability and recommends that affected users apply
the appropriate patch listed in the bulletin.
(http://secadministrator.com/articles/index.cfm?articleid=43272)