MS02-018: Cumulative Patch for Internet Information Services (327696)
Critical Nessus Plugin ID 10943
Arbitrary code can be executed on the remote host through the web server.
The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
Microsoft has released a set of patches for IIS 4.0, 5.0, 5.1.