Win32 web servers could allow remote command execution through .CMD and .BAT files

Risk Level: High

Check or Attack Name: iiscmd

Platforms: IIS: 1.0

Description:

The Microsoft Internet Information Server (IIS) 1.0 contains a vulnerability that allows a remote attacker to execute commands on the server via .BAT and .CMD files. It is believed this hole affects other servers, in addition to IIS. Contact your vendor for more information.

Remedy:

Disable IIS' ability to map .BAT and .CMD to the Windows NT Command Interpreter. If this is not an option, obtain the applicable patch for this vulnerability or upgrade IIS to the latest version.

References:

Microsoft Knowledge Base Article Q148188, Internet Information Server Security .CMD /.BAT Patch, http://support.microsoft.com/support/kb/articles/q148/1/88.asp

