Microsoft Internet Information Server 5.0 Patch: Web Server File Request Parsing Update (Windows)
This update resolves the "Web Server File Request Parsing" security vulnerability in Internet Information Services (IIS) 5.0 and is discussed in Microsoft Security Bulletin MS00-086. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests. When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server.